Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 91027f5434c15e23…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 67dea13c0bfe9daa3a8776bb54bcc145
SHA-1: 55ca08e72ea5fcba39107f601634a9efc33e6ad2
SHA-256: 91027f5434c15e23dd8bccf90e3cc533a5e41b500494dab4e50707a800caafd2
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. The document's metadata indicates it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. Without further script or body content, the exact delivery mechanism is unclear, but the document is likely intended either to trick the user into enabling macros or to exploit a vulnerability in order to download and execute the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0