Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b49684c2d309ebc3…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 45a5e7dbead97cdf1eae1740477a36dc
SHA-1: d06f5e2562ee529ff6f25fe3e46d594cfbb82c74
SHA-256: b49684c2d309ebc3a370db0a246a6535227feb3ee5428aca583695fc7fba492c
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The detection name implies the Excel document is intended to execute malicious code, likely via macro execution, to download and install further malware. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0