Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 be460284183d6b4c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 83d941ec1cb3f570298b4e43e464f5eb
SHA-1: 6c4637e2e6703a5b8afe24add3a83fa58e09b34b
SHA-256: be460284183d6b4cf088eaff40d13bfcd0ac5b3657717aedb9dab913762ada40
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a Qbot dropper based on ClamAV heuristics. This type of malware typically uses malicious documents to lure users into enabling macros, which then download and execute further stages of the infection. The specific detection name 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests its role as a downloader for the Qbot banking trojan.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0