Qbot Office (OOXML) / .XLSX malware analysis — malicious · b0540dc871c6362c

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 3461f5e61b7c1235954773fcdc323653 SHA-1: 18b946ef4feb1d1b17a1126d8376248e34c3ed6d SHA-256: b0540dc871c6362cf29beb27695683649400d057aa67df0db24ee20ecbe1c500

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. This file likely serves as an initial infection vector for the Qbot banking trojan.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.