Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 976842e880d5be31…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ec8e6b64d3027a80ef8ceddb0c36e443
SHA-1: d311ca29978977c7ea6a3e5fafe3381c8d57ac5c
SHA-256: 976842e880d5be31f008398117cf4fba46f36342e908952a984fc3a249820838
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. The document's metadata suggests it was created in 2006, but the detection signature is recent, implying that it is an older variant or template. Its primary function is to download and execute a Qbot payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0