Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ebfe9fbd06baeb01…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 875d5fa29354940f5c821208258afa56
SHA-1: 5f152671dcde344a3177d7ac3611ad492d42b72c
SHA-256: ebfe9fbd06baeb0191ee22d63790797f05b00a34be62c056188591f84269c306
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot downloader. The document's metadata shows it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. No further IOCs were extracted from this sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0