
Cybercrime: a hybrid Dridex-Smokeloader malware spreads via fake invoices

Technical analysis by the Malware Hunter JAMESWT

A global campaign of fake invoices carries a hybrid Dridex-Smokeloader malware. The xlsm attachment contacts a link chosen at random from an internal list and downloads a DLL, which contains the hybrid of the banking trojan and the backdoor-loader

A hybrid malware combining Smokeloader and Dridex is currently being delivered through a global malspam campaign that uses fake invoices as bait. The attachment is an xlsm file which, if opened, contacts a link chosen at random from an internal list and downloads a DLL; this in turn drops the hybrid malware formed by the two families. Dridex is a highly dangerous banking Trojan used by cybercriminals and has long been the protagonist of campaigns all over the world, especially those with a courier (parcel delivery) theme. Its targets are mainly companies, though not exclusively. Smokeloader, on the other hand, is a backdoor and loader built to download further malicious code.
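The delivery chain described above (a macro-enabled workbook carrying a list of download URLs, one of which is picked at random to fetch a DLL) can be triaged offline before anyone opens the attachment. The script below is an added example for this article and is not code from JAMESWT's analysis or from the campaign itself: it treats the .xlsm as the ZIP container it is, flags the parts that can carry macros, and pulls every URL-looking string out of every part. The sample workbook it builds in memory is constructed for the demo, and the example.invalid URLs in it are hypothetical. One caveat a practitioner should keep in mind: in a real vbaProject.bin the VBA source is stored MS-OVBA-compressed, so a plain string scan of that part is only a first pass; oletools' olevba decompresses it fully.

```python
import io
import re
import zipfile

# Anything that looks like an http(s) URL; URL-safe characters only, so quotes and NULs end a match.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")

# Parts of an OOXML workbook that can carry executable content or outbound references.
MACRO_PART_MARKERS = {
    "xl/vbaProject.bin": "VBA project (macros)",
    "xl/macrosheets/": "Excel 4.0 macro sheet",
    "xl/externalLinks/": "external link part",
}


def build_sample_xlsm() -> bytes:
    """Construct a minimal xlsm-like container for the demo (constructed data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(
            "[Content_Types].xml",
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            "</Types>",
        )
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr(
            "xl/worksheets/sheet1.xml",
            '<worksheet><sheetData><row r="1"><c r="A1" t="inlineStr">'
            "<is><t>Invoice 2021-0001</t></is></c></row></sheetData></worksheet>",
        )
        # Stand-in for the VBA binary: a few plaintext strings, including the hypothetical
        # download list the macro would pick from at random (real modules are compressed).
        z.writestr(
            "xl/vbaProject.bin",
            b"\x00" * 16
            + b"http://example.invalid/one/inv.dll\x00"
            + b"http://example.invalid/two/inv.dll\x00"
            + b"https://example.invalid/three/inv.dll\x00"
            + b"URLDownloadToFileA\x00",
        )
    return buf.getvalue()


def triage_xlsm(data: bytes) -> dict:
    """Inspect an OOXML workbook offline: list parts, macro indicators and embedded URLs."""
    report = {"parts": [], "macro_indicators": [], "urls": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            report["parts"].append(name)
            for marker, description in MACRO_PART_MARKERS.items():
                if name.startswith(marker):
                    report["macro_indicators"].append(f"{name}: {description}")
            # Scan the raw bytes of every part, binary parts included.
            for match in URL_RE.findall(z.read(name)):
                url = match.decode("ascii", "replace")
                if url not in report["urls"]:
                    report["urls"].append(url)
    # Every legitimate workbook references Microsoft schema URLs; they are not indicators.
    report["urls"] = [u for u in report["urls"] if not u.startswith("http://schemas.")]
    report["is_macro_enabled"] = bool(report["macro_indicators"])
    # URLs whose path ends in .dll are exactly the kind of download the article describes.
    report["dll_urls"] = [u for u in report["urls"] if u.lower().endswith(".dll")]
    return report


if __name__ == "__main__":
    result = triage_xlsm(build_sample_xlsm())
    print("macro-enabled:", result["is_macro_enabled"])
    for indicator in result["macro_indicators"]:
        print("  indicator:", indicator)
    for url in result["urls"]:
        print("  url:", url)
```

To use it on a real attachment, read the file's bytes and pass them to triage_xlsm; a workbook that reports is_macro_enabled together with several DLL download URLs is worth detonating in a sandbox rather than opening. The string scan deliberately keeps all URLs rather than trying to guess which one the macro would pick, since the page describes the choice as random.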

The email with the fake invoice

Attribution of the malware families
