Qbot Office (OOXML) / .XLSX malware analysis — malicious · d326aa14d54401ca

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 48b4bd2dad8d9ae71d81124f02350cfd SHA-1: be2ef49bcf074ac8ab9ec003fe0b9441f4b590f6 SHA-256: d326aa14d54401cae29bd76c803629e1bb87a543e4c554919bf7a5a565c7ebeb

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file is identified by ClamAV as a Qbot dropper, indicating its primary function is to deliver a malicious payload. While no VBA scripts or document body text were extracted, the heuristic detection strongly suggests a macro-enabled Excel file intended to execute malware. The Qbot family is known for its use in financial fraud and banking trojan activities.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.