Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b56e655b27cab0e0…

MALICIOUS

Office (OOXML) / .XLSX

File size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: acc11a7d1ebb02ac847cc7b97846cd38
SHA-1: bb33b66141efbdee72041f2839893d26569107db
SHA-256: b56e655b27cab0e0a77e032b3a14c57603c8e30ad5eecbe8818ed6f6b6d7b43f
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as an Excel document with a critical ClamAV detection whose signature indicates a Qbot dropper. The file's metadata gives a creation date in 2006, which is older than typical Qbot activity, but the signature is specific. The primary function is to drop and execute the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0