Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 23987d214162f265…

MALICIOUS

Office (OOXML) / .XLSX

  • Size: 21.4 KB
  • Created: 2006-09-16 00:00:00 UTC
  • Authoring application: Microsoft Excel 14.0300
  • MD5: 384fe74d2dbccd79f3dc6ad973887396
  • SHA-1: a986c340eab7b2e6500be7e1ef435f8036bb3e02
  • SHA-256: 23987d214162f265aa5fa69e006278df2b2d8ee16cfa4553473c6015c9626994
  • Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot downloader. The document's metadata shows it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. No further IOCs or script content were extracted for analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0