Qbot Office (OOXML) / .XLSX malware analysis — malicious · 40bb23adcd999301

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 156338056d64254c43ab96aff2afb992 SHA-1: 6fe963dc3de2622b7e755c0bdd938c1aed03c8a0 SHA-256: 40bb23adcd999301626e006db7fd1922609157d026f237e2523708a42d061781

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening a malicious attachment, which then executes the embedded malware. No scripts or document body content were extracted for further analysis.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.