Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b710be517e567edb…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 955293266f2e567f615967199933fdbf
SHA-1: a9eaa1d19e69a22b6c6d705bfb9a8c42190ec1eb
SHA-256: b710be517e567edbaae5180e83d7f0ec2f3122dbbe21764f76f39517970ca0c2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot banking trojan. The primary attack pattern is to lure the user into opening the malicious document, which then executes the embedded payload. No VBA or scripts were extracted, but the ClamAV signature is highly specific.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0