Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 93475a5befe2ee6b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e5979f9b7dcd5c71d63b6f7b7683e843
SHA-1: 8fc49418454225d0aa03a2c1e23be8bf55c51bd0
SHA-256: 93475a5befe2ee6bc3f0c5d9db8f9e7a44cbb06b1b1667998abe3698d542df6b
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. The file's metadata indicates it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. The primary function appears to be delivering a Qbot payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0