Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b347a8a887a665a3…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 40b913b27c8926b83b47aefe2b817268
SHA-1: 85effcf5415007a0f953b416404ee76d0f38fc21
SHA-256: b347a8a887a665a355073e60316da954ae889e5cf8181ff6f6fead1f38824caf
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern is likely spearphishing, where the malicious Excel file is sent as an attachment to trick users into opening it. No further details on the specific payload delivery mechanism or IOCs were extracted from this sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0