Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 eccbf647b84d6d46…

MALICIOUS

Office (OOXML) / .XLSX

File size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 05c8991fb456635d20dabf279bcade39
SHA-1: 0f24976223a3b02edef3be1945fc2f126270e1a4
SHA-256: eccbf647b84d6d46501d728e149a335691397ee7e7ece711617550e4f46f3ae3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet that ClamAV identifies as Xls.Dropper.QbotDocu12020-9818439-0, indicating that it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening the malicious attachment, which likely executes embedded macros or exploits vulnerabilities to download and run a secondary payload. The SHA-256 hash is provided as a primary indicator of compromise.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0