Qbot Office (OOXML) / .XLSX malware analysis — malicious · 4d7636eab9dc014b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9035ac45bf9179a98458a8309516437b SHA-1: 494c7c7e93034e400af09b8cedc9f29c3cdb1cdc SHA-256: 4d7636eab9dc014b037d853cb270666740f5778eb29c66abd04014750e8486f7

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The document's metadata suggests it was created in 2006, which is older than typical Qbot campaigns, but the detection name is specific. It is likely intended to trick users into opening it and enabling macros, which would then download and execute the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.