Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d2753ebf0d89c15b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: af43b9aea320bd3f301865864f5428d5
SHA-1: bd13da9bd68059772c0fd8a9903354455cb1efed
SHA-256: d2753ebf0d89c15bf86087afa0adee1d7da64289d6056b5ec2ed9df444f2382b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically names it as a Qbot dropper, indicating its likely purpose is to download and execute the Qbot banking trojan. No document body or scripts were extracted, but the heuristic strongly suggests the attack pattern.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0