Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ba8535488c7194f7…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1d626cdb7fe78265fe5b68d818f5e3a5
SHA-1: 42381cb719e14a79d69536be4a3b38d928b9cb5a
SHA-256: ba8535488c7194f71e8f67a090498d465d3ab4ccd469793f20cfe7870bae026c
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The document's metadata shows it was authored by Microsoft Excel, and its creation date is old, but the detection signature is recent. This suggests the file is designed to execute malicious code, likely to download and install the Qbot banking trojan.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0