Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a33797620a8d7e63…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 569639eed30deb025e47eae320e25c65
SHA-1: 8de20477ad1ffcc52dc2f82dba16abecbaa4e0c2
SHA-256: a33797620a8d7e638fdf40e0e158fabf3e2dca3e02a0fac84da379a6dc6f6fba
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV detection names it specifically as a Qbot dropper, so its likely purpose is to download and execute the Qbot banking trojan. No document body or scripts were extracted; the family attribution rests on that single detection, which is highly indicative of the attack pattern and family.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0