Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 23d99b4a57f62694…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1e05214dd957f5f29cf92e67a7f04b72
SHA-1: 678f78dc7070f14c83f81746ea6ef711e5fd3e5e
SHA-256: 23d99b4a57f6269407dd5450357f449793f05d95108e2f9d9add66eb7c1f6c4c
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. The document's metadata indicates it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. The primary function is to drop and execute the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0