Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 5a160bad2753ee6f…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7a9741806a61cd1b699f2229e9c903c3
SHA-1: 37c019636b79636566157e6211acddb150e6b47f
SHA-256: 5a160bad2753ee6f9276b8d30976b899795658922366336f8e391cfa18b0fed2
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file is a dropper for the Qbot banking trojan. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. The file's metadata indicates it's an older Excel file, but the detection points to a known malware family.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0