Qbot Office (OOXML) / .XLSX malware analysis — malicious · 39f5a361420d7d93

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: fde62efa99064bdc24c2f50b087a744f SHA-1: f3b004575d6df4eb1d021711e132fc8ae05f1151 SHA-256: 39f5a361420d7d931f652a53e2cb2e577f1b7bafa7ce00eeaab3605305a07de6

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as a Qbot dropper. Qbot, also known as Qakbot or Pinkslipbot, is a banking trojan and information stealer often distributed via malicious documents. The detection suggests this file's primary purpose is to download and execute additional malware. No specific IOCs beyond the file hash were extracted from this sample.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.