Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a22c0cd26061a922…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 592a1c3e38f7cfc172e38394feeb6794
SHA-1: 725a6720fad0fa86f7ae9f50f930c27fdba1a30d
SHA-256: a22c0cd26061a922a70313643d7f64c219236b2826d72d8b72c4a9514f2c63b0
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening the malicious attachment, which then likely executes the embedded malware. No document body or scripts were extracted, but the ClamAV signature is highly specific.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0