Qbot Office (OOXML) / .XLSX malware analysis — malicious · dd52919fb56ba644

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9ed6a96f9b0ce9e3b0931800afb58002 SHA-1: 409d85b7ba0a8b66fefa81c8d04108d67f7e1ead SHA-256: dd52919fb56ba64479102cb462bb52cebe623be401ceeb44ec062f83a9368110

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The detection indicates a high likelihood of malicious intent, likely delivered via a phishing attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.