Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9cb4543240f37d27…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4a62bc4581e2e0601a741f6907a1b9d9
SHA-1: d89d54c34c84b8bbdba9aa891f3db9c968f9836b
SHA-256: 9cb4543240f37d277438de8df70ed10deb457997c2d82e3f644a6e69a23f5058
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot downloader. The document's metadata indicates it was created in 2006, but the detection name points to a more recent Qbot variant. No further IOCs or scripts were extracted for detailed analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0