Qbot Office (OOXML) / .XLSX malware analysis — malicious · ea3c9ef6eae6dde0

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ffeea4fb7b67876b1e654ddf9d7d45f1 SHA-1: 93261a2c45abb0d00b7764148405c9d160d22781 SHA-256: ea3c9ef6eae6dde0d0f671fabb3216ff856c9e47062ef8c7edce6173e6023eee

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious Code

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to deliver the initial stage of the Qbot infection. Further analysis would be required to confirm the exact execution chain and any network indicators.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.