Qbot Office (OOXML) / .XLSX malware analysis — malicious · ae87b82d817d363b

MALICIOUS

Office (OOXML) / .XLSX

20.1 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 4dddb0320eac6050d6360c92c104d05c SHA-1: 816db7af62de3dc200b88357a5341c6ce184cc93 SHA-256: ae87b82d817d363b159e072be2e2017dfe0bcf7fd3bc6a7c9dee0ff885eefc5f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This suggests the file is designed to act as a dropper for the Qbot banking trojan, likely delivered via spearphishing.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.