Qbot Office (OOXML) / .XLSX malware analysis — malicious · 396cd1a35d8bf2d6

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2913bb2baf9638b39d5c4e1f8d41008e SHA-1: d74e3e2bff97ff4b2cb8fb1994ced80948d080a9 SHA-256: 396cd1a35d8bf2d630b72a9f67fe7b8f23010bca09860698c74eea4a8c1f5a2c

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document with a critical ClamAV detection identifying it as a Qbot dropper. This suggests the file is designed to download and execute the Qbot banking trojan. The specific ClamAV signature indicates a known malicious pattern associated with Qbot.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.