Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 76387f3ba761d4e9…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4487d4a525e28e041b50366fa3f0a049
SHA-1: 6269fa8def6aa2a48923bd533b92e232f2dc86eb
SHA-256: 76387f3ba761d4e9d91eaab70fe5bf81b93856e8d98061fedccbdcd72109cf55
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file is a dropper for the Qbot banking trojan. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. The file's metadata indicates it's an older Excel file, potentially leveraging older vulnerabilities or macro-based execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0