Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d65065bda55d1ba0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8157604740e1153fa04c0bde4a1babe8
SHA-1: 5ef57288844a39b0d5f98a1c48842ff04a4301b6
SHA-256: d65065bda55d1ba06b34a7acc0b25eed2711a06b66c74f2d9a9b956c2d0ab83c
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot downloader. The document's metadata indicates it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. No further IOCs or scripts were extracted for detailed analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0