Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 266c296d7b51d79c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e38892c5910cf896deee4662c3974c80
SHA-1: b51c69c617ae4954c4f0a59df6597fbd148684cd
SHA-256: 266c296d7b51d79c321c6905255029668ca6130f008115d6d2377cb9f201d9b2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The document's metadata shows it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. No further IOCs were extracted from the provided evidence.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0