Qbot Office (OOXML) / .XLSX malware analysis — malicious · fa703b692e17c922

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: eaf4ac9c8f38702880f6daccabae73b6 SHA-1: 681847b26cd3c13ba16d8fed651a6329704f5091 SHA-256: fa703b692e17c922b47cba92067491fb5517057d64c080c4abcccf0df0cdaa49

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, leveraging the malicious Excel file as an attachment to compromise the user's system. The SHA256 hash is included as a primary indicator of compromise.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.