Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b464e680c9903715…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6405feeea08cd0fd0f615cefe45cc9ad
SHA-1: e8056cb69e8445a6004d5c0640751ac1215e4636
SHA-256: b464e680c9903715a7b465f250e1c7b23bae80382eb540fe1981445a9014f1ae
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. The document's metadata gives a creation date of 2006, which is unusually old for modern Qbot variants, but the detection name is specific. The document is likely intended to exploit a vulnerability or to trick the user into enabling macros in order to download and execute the Qbot malware.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0