Qbot Office (OOXML) / .XLSX malware analysis — malicious · 40fa69fea818f675

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 32802836dab5f8f7d3fb41506a5cd01f SHA-1: df040ca30a668439df7396fad6b98d247b0a7433 SHA-256: 40fa69fea818f675548d882f915bda636ea4e706cdedc659190da2a87a14017c

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. The document's metadata indicates it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. No further IOCs or scripts were extracted for detailed analysis.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.