Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 29f15ba4c73c7ac4…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6ff5136046ed3acf35cfddd47a8678d0
SHA-1: 7af86d105c5210348c8c82b66195fd2b8c9fb3e2
SHA-256: 29f15ba4c73c7ac47938836418426d1790b80012e0a1832c468ecaea759e14ea
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot downloader. The document's metadata shows it was authored in 2006, which is older than typical Qbot activity, but the detection name is specific. No further IOCs were extracted from this sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0