Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fdf33c5d2edf69b0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 47dfbb529074662a645675d235e4d52b
SHA-1: acdd5efce9cb73d15da805ec03ec5fe733ba9856
SHA-256: fdf33c5d2edf69b098f30186de13b711b1ebb29a813bd1f164905aea1eb310d9
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot banking trojan. The detection suggests the Excel file is designed to execute malicious code, likely through macro execution, to download and install further stages of the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0