Qbot Office (OOXML) / .XLSX malware analysis — malicious · cf4bea8e9abc5882

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 04ce29de970a58976892b2308a9e12f6 SHA-1: 02c11d7590ab1180acad3e605bb03611c5e20415 SHA-256: cf4bea8e9abc5882f5e1e98b1fe37836ff58e7561ae632a1ced0a681f9e19e6d

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. The document's metadata indicates it was created in 2006, which is unusual for modern Qbot campaigns but does not preclude its use as a loader. No further details on the delivery mechanism or specific IOCs were extracted.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.