Qbot Office (OOXML) / .XLSX malware analysis — malicious · f5c6c1ef6ab5784c

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1acf72b7528f13692c1a69aad8369fcc SHA-1: 0a930aa61c2a67dab7056c38aa0b5ead9b571574 SHA-256: f5c6c1ef6ab5784c91d93e14c2303cb291cecbb9f3c30b5a05d7fb35989bf9e1

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening the malicious attachment, likely through social engineering, to initiate the payload download and execution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.