Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 97796496cf2b5c23…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: bc76c553fd0e3397376327ef5f5ea2ef
SHA-1: 6afafdb690bda5b53eb823e814abb4eb1fd29f7b
SHA-256: 97796496cf2b5c2366e5aef8901a5b5bf49cfca18652a919fccbd30f6770ae88
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical-severity ClamAV heuristic identifies this XLSX file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it is a Qbot dropper. Qbot is a banking trojan known for its phishing capabilities and its ability to download further malicious payloads. The file's metadata indicates it is an older Excel document, potentially used as an initial infection vector.

Heuristics: 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0