Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 20ca02dbeb4b7ac9…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4f770465e7378556581bb3ddb35b67be
SHA-1: f5e50f5c51b5df0c2c7f78835245ac0284dde7bf
SHA-256: 20ca02dbeb4b7ac9f2671eeb30b1d69e9a218aa05ae623fa65f3b851f3ea9db8
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. The document's metadata gives a creation date in 2006, which is older than typical Qbot campaigns, but the detection name is specific. The primary IOC is the file's SHA-256 hash.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0