Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b706ad2edf67f338…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 719d71d2560b9d0e30794bb2ede3d8d6
SHA-1: 45154112d407a36c6c8e2102d7645f47cac2caeb
SHA-256: b706ad2edf67f3386fdb8c5d022d558cdef696810d06b333d539ccc9ab037796
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically names it as a Qbot dropper, indicating its likely purpose is to download and execute the Qbot banking trojan. No document body or scripts were extracted, but the heuristic is highly indicative of the attack pattern.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0