Technical analysis by the Malware Hunter JAMESWT
Dridex returns with an Intuit (QuickBooks)-themed campaign. The email contains a link that downloads a .doc document. When opened, the document contacts a link that downloads a DLL, which infects the PC with malware.
Dridex returns to using Intuit (QuickBooks) as the lure in its global campaign. A series of fake-invoice emails is currently circulating, but without attachments. Instead, the text contains a link that, if opened, downloads a .doc document. Once opened, the document downloads a DLL that infects the victim's computer with malware. Dridex is a very dangerous banking Trojan used by cybercriminals; it has long been the protagonist of campaigns all over the world, especially courier-themed ones. The targets are mainly companies, but not only.
The fake Intuit QuickBooks mail
The .doc document that contacts a link and downloads the DLL
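The lure traits described above (a QuickBooks invoice theme, no attachment, and a link that fetches a .doc) can be checked together at the mail gateway. This is an added example, not code from the original analysis; the brand domain list, the trait names and both sample messages are constructed, and it assumes the link's path ends in .doc, which the article does not state.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Assumption: domains treated as genuine for the impersonated brand.
BRAND_DOMAINS = ("intuit.com", "quickbooks.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample messages (reserved example domains, not real indicators).
LURE = """\
From: "Intuit QuickBooks" <billing@example.org>
Subject: Invoice 1042 from QuickBooks
Content-Type: text/plain

Your invoice is ready. View it here:
http://files.example.net/inv/Invoice_1042.doc
"""
GENUINE = """\
From: "QuickBooks" <notify@intuit.com>
Subject: QuickBooks invoice reminder
Content-Type: text/plain

Review your invoice at https://quickbooks.intuit.com/app/invoices
"""

def _is_brand_host(host):
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def triage(raw):
    """Return the lure traits found in one RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    findings = []
    if re.search(r"intuit|quickbooks", text) and "invoice" in text:
        findings.append("brand-invoice-theme")
    if not list(msg.iter_attachments()):
        findings.append("no-attachment")
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if not _is_brand_host(host) and parsed.path.lower().endswith((".doc", ".docm")):
            findings.append("link-to-doc:" + host)
    return findings

def is_lure(raw):
    """True only when theme, missing attachment and off-brand .doc link coincide."""
    traits = {f.split(":")[0] for f in triage(raw)}
    return {"brand-invoice-theme", "no-attachment", "link-to-doc"} <= traits
```

Requiring all three traits keeps genuine invoice notifications, which share the theme and also carry no attachment, from being flagged.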