
Cybercrime, Dridex attacks again with fake ADP mail

Technical analysis by the Malware Hunter JAMESWT

The Dridex campaign is back, this time hiding behind a fake ADP email. If opened, the .xlsm attachment contacts a link, chosen at random from an internal list, that downloads a DLL and infects the PC with malware.

Dridex returns with a new campaign, hiding behind a fake email from the consulting firm ADP. The decoy is, as always, an alleged invoice attached as an .xlsm document. When opened, it contacts a malicious link, chosen at random from a list embedded in the document, that downloads a DLL and infects the computer with the malware. Dridex is a very dangerous banking Trojan used by cybercriminals; it has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly companies, but not exclusively.

The fake ADP email

The “invoice”

HTTP/HTTPS request
