Qbot Office (OOXML) / .XLSX malware analysis — malicious · da0e3abecd05ee6b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: be481860c1326d4086d880813cf47eb5 SHA-1: 034ec0f72656a60201db8117d05182d22ab21cc7 SHA-256: da0e3abecd05ee6be1b593f7582594edd04b186afe2712d97c52fb9f2cd31058

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it is delivered via an Office document, likely exploiting social engineering to trick users into enabling macros or opening malicious content. This pattern is consistent with Qbot's typical distribution methods.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.