Qbot Office (OOXML) / .XLSX malware analysis — malicious · 9698f2fea7165da1

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0679a3011ea5ba0d933acc17e7afe6a6 SHA-1: 06ec88c938485e79641384842ae3421ac2de7eb1 SHA-256: 9698f2fea7165da10bcf46bd27aa0d1c068db2ca7d0c06f9bd93fc3a1da7e5f8

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. While no specific payload URLs or execution scripts were extracted, the detection indicates a malicious intent to download and execute further stages.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.