Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 7f2ce8939ca68267…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8e61d4d7354c9da9f6914a87b6d03dda
SHA-1: 9c14337c51f737681419e961dda81da45f1c2669
SHA-256: 7f2ce8939ca68267f2461229c399b6ce0d8b00ae2669770c1b1f54e307bbd895
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0'. This indicates it is likely a dropper for the Qbot banking trojan, which commonly uses macro-enabled documents for initial infection. No further IOCs were extracted from the provided evidence.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0