Qbot Office (OOXML) / .XLSX malware analysis — malicious · c2b9a31cbe559efd

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 4e782c5592bef6f36843f60f9152c86c SHA-1: 056eaeef479cdb39bf8fbf11d7c48eae45b5137f SHA-256: c2b9a31cbe559efd408b91a0fdff57dc58bba60ec13055f98b9f33e9a1fe05c6

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it is a dropper for the Qbot banking trojan. The primary function is to deliver a malicious payload, likely through macro execution or an embedded exploit.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.