Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b984e37f116de914…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2194ca26fdef44d330741e065b0f891e
SHA-1: 2b8e37561caf9068f31137ebaad308d10612c5d7
SHA-256: b984e37f116de9146e3cecf071afe5cf8869e0d429801aacb3435aa6728e57bd
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file is a dropper for the Qbot banking trojan. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. The file's metadata indicates it is an older Excel file, which is a common format for such lures.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0