Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 91154635c4a423ac…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a26fff3107f3206dd4e57650837e3cb8
SHA-1: 657c56a3a7183bed0eab3a47a000d2941a1859ad
SHA-256: 91154635c4a423acedc88220a0041500568df3eeb8639916204915e85b905956
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically flags it as 'Xls.Dropper.QbotDocu', strongly indicating its purpose is to drop and execute the Qbot banking trojan. While no specific IOCs were extracted, the detection signature itself is a high-confidence indicator of Qbot activity.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0