Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ef870659d15ada0b…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 70cd68129fb1a93593c4fafe43376d2f
SHA-1: bd8b731b296f9197732ac96e99bc5385878463c4
SHA-256: ef870659d15ada0bd30a886f03f70201ba53660efddb323eca3e4f295fd5a0dc
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The ClamAV heuristic explicitly identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper document. This type of document is typically used to deliver the Qbot banking trojan or other malware through malicious macros or exploits. The file's nature as an Excel document further supports its use as a delivery mechanism for initial compromise.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0