Qbot Office (OOXML) / .XLSX malware analysis — malicious · 3a8871d2204043b2

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9c2f86a8172b6344d6988dd26d8ade33 SHA-1: eada94bd71fc1506c5dc8b61127271fdb1c8a4d4 SHA-256: 3a8871d2204043b22ffc9f51039a5bfd79222d0ce752e697fa74db76080a93c2

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly indicates this Excel file is a dropper for the Qbot banking trojan. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. The file's metadata and verdict further support its malicious nature.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.