Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f8087b270de77088…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4bc81d7f317c6832633ff5989f46bf88
SHA-1: fcd2dcb1d65d136173ce10741bd39d221dba65df
SHA-256: f8087b270de77088b87f9866c3f81b798a66bc391e432e1a642b8c79fcfdb99a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies this XLSX file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot dropper. This suggests the file's primary purpose is to facilitate the download and execution of further malicious components associated with the Qbot banking trojan. No specific IOCs were extracted from the provided evidence.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0