Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2fa628c594cedc5a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 789ab3f640730409812b18dce25880c5
SHA-1: 5687398a0d9dd92da71c0330c703f4898a9cf8f3
SHA-256: 2fa628c594cedc5a08654edeea7b65d1d7005817c3ae52619ec1eba6af0f35ad
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically names it as a Qbot dropper, indicating its likely purpose is to download and execute the Qbot banking trojan. No document body or scripts were extracted, but the heuristic is highly indicative of the malware family and its delivery method.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0