Qbot Office (OOXML) / .XLSX malware analysis — malicious · f7dd6361b7a8d1f5

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 8405202705b9260e1a1ae658a1b42694 SHA-1: d5381629371bf20d123ae7f2ebe225fcc8ac7e89 SHA-256: f7dd6361b7a8d1f5320b5c35bbf5c196654d38f15da9b093077a590a7e3e474a

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, where the user is tricked into opening the malicious spreadsheet. No scripts or document body content were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.