Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f42a4b06c880ae56…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: 21c4e5de651ed27f2ca39d4c1eaded16
SHA-1: e75addec6ba1a3c728655b283baa09e353a8ca83
SHA-256: f42a4b06c880ae562a207b96c17f44171e2ee4337665d446c03da155bcd816a7

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot banking trojan. Its structure as an OOXML XLSX document suggests delivery as an attachment, likely via spearphishing, to lure users into executing its payload. Its primary function is to download and run second-stage malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0