Qbot Office (OOXML) / .XLSX malware analysis — malicious · ec0edd9b5617d1eb

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: c6ca6df32b7b071d8ddcfba553cf9e22 SHA-1: 4bb6275ed159f7c4245f172e8fa9a40b716c887c SHA-256: ec0edd9b5617d1ebf11c1b2cacd9fd3846e5e96bd245a293824929cbe459c306

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to deliver the initial stage of the infection. Further analysis of the document's content and any embedded scripts would be necessary to detail the exact execution flow.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.