Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b48a002583e04142…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c0a4fd7281da63258376546462646a2c
SHA-1: 746f8ec4b62f7b91ee8b3f043411a063195dceb2
SHA-256: b48a002583e04142c57cf3c9d27d032fa03e16532c8614dd8dbc1f1180c7119d
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The document's metadata shows it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. No further IOCs or document body content were extracted for analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0