Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 91f061cd91a771d2…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 350bd4246429308230712ea1f691ff63
SHA-1: 73d7281e14d8371fb8f06d8dd9ea9ebae2623bc8
SHA-256: 91f061cd91a771d201dce7cd77b53af521e33834c2fd8efefc5f167a4196b250
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The document's structure and detection name suggest it is designed to exploit vulnerabilities or trick users into enabling macros to download and execute the secondary Qbot payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0