Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ef22b4e40a6f1b86…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 483dd01d50b1338e8e53612183bcbe45
SHA-1: 906c4fed0b4d40307b2a3b676c7b8c71677b3782
SHA-256: ef22b4e40a6f1b86004db825e1d8c08b2f83ebc1669a7b3b49d51ef8713b17b1
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user to open the malicious spreadsheet, which then executes the embedded payload. No further IOCs were extracted from the provided evidence.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0