Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9fbde9c2e6dce7a3…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f5259f2167e49970e586360d5631b7d8
SHA-1: e136d2a2b704defd1d71120225f91c6e23bad17f
SHA-256: 9fbde9c2e6dce7a333b90505699ef83f0e43e3995d4e54c10e729b6664902c99
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it is a dropper for the Qbot banking trojan. The detection suggests the file is designed to exploit vulnerabilities or trick users into executing malicious code, likely leading to the download and execution of a Qbot payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0