The message's RAR attachment contains an executable file: the malware itself. Stolen data is exfiltrated via SMTP.
Technical analysis by the malware hunter JAMESWT.
The latest Dridex campaign is spread via a fake Office Depot receipt. The email's XLS attachment contacts a URL chosen at random from an embedded list and downloads the DLL that starts the malware infection.
A false Office Depot purchase receipt conveys the latest Dridex global campaign.
If opened, the email's XLS attachment contacts a URL chosen at random from an embedded list and downloads the DLL that starts the malware infection. The campaign in this case is generic and does not specifically target our country: there are no IP checks or blacklists. Dridex is a very dangerous banking Trojan used by cybercrime groups, and it has long featured in campaigns all over the world, especially ones with a courier theme. The targets are mainly, but not exclusively, companies.