Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b1574c52eea7bce9…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5f03b072ef44e084458d92ed3303719d
SHA-1: 22a52b65c78162ccb9b7652b353925474aaee107
SHA-256: b1574c52eea7bce9c1ff3f2340f30d117085efdd4d1534109b9915cec0f803d8
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot downloader. The document's metadata shows it was created in 2006, which is unusually old for modern Qbot variants, but the detection signature is specific. No further IOCs or scripts were extracted for detailed analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0