Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2f68c4108c243b03

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 77cbbf5a31fc109dab9f818eccf1219b SHA-1: 501f66e719481b160ccfa1cce6b01acf82e5435b SHA-256: 2f68c4108c243b033929b6a7f9ebd7b24426ccd889dd7efe048b151737d1d97d

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The critical heuristic firing indicates this Excel document is detected as a Qbot dropper. Qbot is known for its capabilities as a banking trojan and information stealer, often delivered via macro-enabled documents. The file's metadata and detection name strongly suggest its malicious intent is to download and execute a Qbot payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.