It asks to open a link to revise an agreement. It lands to a website that simulates the victim’s organization homepage, in which the user has only to digit the password.
Technical analysis by the Malware Hunter JAMESWT
Dridex returns with the Intuit (QuickBooks) themed campaign. The email contains a link that downloads a .doc document. This, if opened, contacts a link that downloads a DLL that infects the PC with malware
Dridex returns to using Intuit (QuickBooks) in its global campaign. In these hours, a series of emails on false invoices circulate, but without attachments. In the text there is a link that, if open, downloads a .doc document. This, once started, downloads a DLL that infects the victim’s computer with malware. Dridex is a very dangerous banking Trojan used by cybercrime, which has long been the protagonist of campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not only.
The fake Intuit QuickBooks mail
The .doc document that contacts a link and downloads the DLL