The email attachment contains an exe file, the malware itself, which downloads other payloads. At the moment, however, it is not known what they are.
Technical analysis by the Malware Hunter JAMESWT
Quakbot exploits malicious xls armed with SilentBuilder. The latest signed campaign uses SHOECORP LIMITED corporate certificates to trick antivirus software and download malware
Quakbot’s global signed campaign is still evolving and has started to use malicious xls files armed with SilentBuilder. The latest company exploited is SHOECORP LIMITED: its certificates were used to sign the Excel attachment, an executable file. The goal is to deceive the antivirus and get victims to download and install the malware through the attachment and a link that downloads a dll, from which the chain of infection starts.
QuakBot (aka Qbot) is a modular cybercrime banking Trojan known for targeting companies in order to steal money from their online bank accounts. It has worm functionality for automatic replication via shared drives and removable media, and its code uses powerful info-stealer features to spy on users’ banking activity.