Qbot Office (OOXML) / .XLSX malware analysis — malicious · 98f6af6b5594c79a

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 976ae518ef8cacc53690e6ee7b90c269 SHA-1: dd2ecced83e8f335223e2ffcbddd111aaa4a66dd SHA-256: 98f6af6b5594c79a8ce34c75723f17ed193a8fec44f703031215616867ec1f97

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020', strongly indicating it is a Qbot downloader. The detection suggests the Excel file is designed to execute malicious code, likely to download and install the Qbot banking trojan. No further IOCs were extracted from this sample.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.