Qbot Office (OOXML) / .XLSX malware analysis — malicious · f6aed216f3b4bd6f

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 38731ad94e311547cf5b28901dbef5ac SHA-1: 3ecf33702098c78a64892f93b7260e5bbc3faa43 SHA-256: f6aed216f3b4bd6fe905e287ef8b1c559577187efe4c851958fec07689453e02

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The Excel format indicates it was likely delivered as a spearphishing attachment, relying on user interaction to execute its malicious payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.