Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fab1cc4ea49adf29…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 94af7ab3abb5a04b5e133e96dfbdae98
SHA-1: 48e248cc06ff4cb15bcdf612ad7a30f045ac86c0
SHA-256: fab1cc4ea49adf29bb39cd25d54f8cba55374d053e51dd407013a8227cc9146c
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as a Qbot dropper, indicating that it is intended to deliver the Qbot banking trojan. The heuristic that fired strongly suggests the file's purpose is to execute malicious code, likely through embedded macros or exploits, in order to download and run the Qbot payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0