Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 21cbee72e806c626…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 12e1b193e0d27341a0be1aa1288c9897
SHA-1: 6ec2822e863dd50d74d0c13cd4d079dd47907ebf
SHA-256: 21cbee72e806c626895c99ff05c86a53b73f9ccdc2450ca11ee82a15077e8c9f
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically flags it as 'Xls.Dropper.QbotDocu', strongly indicating its purpose is to drop and execute the Qbot banking trojan. No further IOCs were extracted from this sample.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0