Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 27d96b2c90f6700a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: cd20c47eb40388b2c7dcef060e3e407d
SHA-1: 9a57ae517826c29a653bbdeb5b0db4cc6b78a28c
SHA-256: 27d96b2c90f6700a752dfcaaae26dfc2042b459db6a2291ece73501560d598bb
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV detects as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot downloader. The document's metadata gives a creation date in 2006, which is older than typical Qbot activity, but the detection name is specific. The primary function is likely to execute malicious code or download a secondary payload when the document is opened.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0