Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2df84f15dd7f138b

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f880d3259f3bcc76337d60a2dd4911c9 SHA-1: 6926a50adab227de236365831118076917b6f9aa SHA-256: 2df84f15dd7f138bf7a3b538c9c059ded6ceb9e0fc1cada99e8ae47435d9e1b6

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The document's structure and metadata do not provide further details on the specific delivery mechanism, but the detection name itself points to its malicious intent.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.