Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 450e6a5039c50f72…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c8936973fd4830eb10024ca0700dc6ae
SHA-1: 7348304871746728346f14a86bc3f2ed63b93166
SHA-256: 450e6a5039c50f729d712e0f56690a69577b6441fb7e751d628c0ab24788d10e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no VBA scripts or document body text were extracted, the heuristic detection itself is sufficient evidence of its malicious intent to download and execute a secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0