Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f5fee54315592e32…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 60c879d53406a54a508a71b48d94c1d0
SHA-1: 638a5717fbfb341f07b15953ce9f3bb0c563f211
SHA-256: f5fee54315592e32e54ce93fe04fb731978e44bd499f8e5ef7286dbcfc3d7cb5
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file is a dropper for the Qbot banking trojan. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. The file's metadata indicates it's an older Excel file, which is common for macro-based malware delivery.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0