Qbot Office (OOXML) / .XLSX malware analysis — malicious · d750563f12766f17

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 5ac6676402bd5a0da293483121400cbf SHA-1: 5340ca87d8653b2a917732f3842e82bb448e10fd SHA-256: d750563f12766f17e8ef4c5f22e479ed1fc22fd5416c81bbeb6711cf547eeb1f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically flags it as a Qbot dropper, indicating its likely purpose is to download and execute the Qbot banking trojan. No document body or scripts were extracted, but the heuristic is highly indicative of the malware family and its delivery method.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.