Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 19beadb210833897…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8d0438a574a955c8acb8912f4f62ca07
SHA-1: 15d180f36ee15850a73999ed42fa8e12fba88327
SHA-256: 19beadb210833897be369cfb0ca1839e22042ba7d9341aca55a0021f690445d1
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. The document's metadata shows it was created in 2006, which is unusually old for modern Qbot campaigns, but the detection name is specific. No further IOCs or scripts were extracted for detailed analysis.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0