Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 bea50c096b76bf34…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: dcacf0bfe1eeca8deb6f30be970f7391
SHA-1: c2e5806a79e072988d81ac0b281f9f98ec19cfe4
SHA-256: bea50c096b76bf344b4184756cf8349245052be5c78d4aae68c6be5991c32f67
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies this XLSX file as a dropper for Qbot, a known banking trojan. This suggests the file's primary purpose is to download and execute further stages of the Qbot malware. No other specific IOCs or scripts were extracted for further analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0