Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2e45ed3894104262

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2d667cc57dcd6f6b622b28e9b41a74d4 SHA-1: 72ec458e5f7e06aef7da4af4fc547544426c0a2c SHA-256: 2e45ed38941042624c700a0104152915d31cb178db44eae42f367e9a5e07f727

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests the file leverages Excel macros or embedded objects to initiate the malicious payload execution. This aligns with common Qbot distribution methods.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.