Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 232cea16a285201e…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7aa556fa45c057f865d87c4da4114801
SHA-1: f1aef3fbd40e0c6b20c375fc90b59235c83243eb
SHA-256: 232cea16a285201e0032e45e9db72004685a69f9ffe4c707f3fa50389e84fa8c
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel spreadsheet. The ClamAV heuristic specifically names it as a Qbot dropper, indicating its purpose is to download and execute the Qbot banking trojan. No document body or scripts were extracted, but the heuristic is highly indicative of the attack pattern and family.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0