Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b0c038b84afd1abb…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c96c36f02a0d9e8e153cd0f0a6e2d7f0
SHA-1: 4f3be02f3a14e4ecc40b0968ff7696ddc424d7f0
SHA-256: b0c038b84afd1abb21860fd7f6256d6a4fefaaccca0e75fea9c949e6617091da
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as a Qbot dropper, indicating that its purpose is to download and execute the Qbot banking trojan. The signature that fired names both the malware family and its dropper functionality. The file's format, an Excel spreadsheet, suggests it was likely delivered as a malicious attachment in a phishing email.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0