Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d56e0dcb6d34c612…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: fa6e727600d0c2daca5cffe13c38903c
SHA-1: 4696ff075b3583166b1e1f5063ce6613c058a051
SHA-256: d56e0dcb6d34c612788715869ee0e9d670bb5326a9a3c7584dbe7567e3b803a9
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file is a dropper for the Qbot banking trojan. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. The file's metadata and verdict confirm its malicious nature.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0