Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c09d92998f4de716…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7fbc7fe7a0fdb1c718dca0be9272c25a
SHA-1: 95601e33de90744d290065f4089c6dfe3942bf5e
SHA-256: c09d92998f4de7164d7012b986a571fd9368085bcc524d24cf76d8fa874c285f
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot downloader. The document's metadata indicates it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. No further IOCs or scripts were extracted for detailed analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0