Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ad938246ca7761bb…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 954324582ceeedbcc2313820d00501b8
SHA-1: c53e565dde5955e01a92a0526b202aec967d601d
SHA-256: ad938246ca7761bb93705549f20c22d448ac8195ebf21f5f426c0e1d3c3d8ba9
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly indicates this Excel file is a dropper for the Qbot banking trojan. Qbot is known to be delivered via malicious Office documents, often using social engineering to trick users into enabling macros. The file's metadata and verdict further support its malicious nature.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0