Qbot Office (OOXML) / .XLSX malware analysis — malicious · f445212f8dfc4a11

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 416ba15a3e560617c22723d1a5c014fa SHA-1: d3b3a1868680b300aacb99167a89ef973f41d83c SHA-256: f445212f8dfc4a11d0669f9f1adca05364cab72a13db6decbea052a0455c8e09

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to initiate the infection chain. The dropper's purpose is to download and execute a secondary payload, which is characteristic of Qbot's typical behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.