
Cybercrime, Dridex delivered via fake UPS invoices and the Cutwail botnet

Technical analysis by the Malware Hunter JAMESWT

Dridex leverages fake UPS invoices and the Cutwail botnet to spread in a new global campaign. The email contains a link that downloads a .doc attachment. When opened, the document contacts a URL chosen at random from an internal list of nine and downloads a DLL, which starts the malware infection.

Dridex spreads through a global malspam campaign that uses a link and a Word attachment. The email, presented as a UPS invoice, contains a link which, if opened, downloads a .doc file. The document then contacts a URL picked at random from an internal list of nine and downloads the DLL that starts the infection chain. Moreover, as cybersecurity researcher moto_sato observed, the malicious documents are distributed by the Cutwail botnet. Dridex is a dangerous banking Trojan used by cybercrime groups and has long featured in campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not exclusively.
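The chain described above (email link, .doc download, then a DLL fetched from a second location chosen from a small pool of URLs) leaves a recognisable pattern in web proxy logs: one client fetches a .doc and, shortly afterwards, a .dll from a different host. The script below is an added hunting example written for this page, not code from the article or from the researchers it cites; the log lines, client addresses and hostnames are constructed for illustration, and the five-minute window and "different host" rule are assumptions a defender would tune locally.

```python
"""
Hunting heuristic for the Dridex delivery chain described above:
a client fetches a .doc, then within a short window fetches a DLL from a
different host (the macro picks one of several download URLs).
All log lines, client IPs and hostnames below are constructed examples.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2021-03-01T09:00:01 10.0.0.5 GET http://invoice-example.test/ups/invoice_4471.doc 200
2021-03-01T09:00:40 10.0.0.5 GET http://cdn-example.test/assets/payload.dll 200
2021-03-01T09:05:00 10.0.0.7 GET http://intranet.example.test/report.doc 200
2021-03-01T11:30:00 10.0.0.7 GET http://updates.example.test/driver.dll 200
2021-03-01T09:10:00 10.0.0.9 GET http://mail.example.test/attach/quote.doc 200
2021-03-01T09:10:05 10.0.0.9 GET http://mail.example.test/attach/helper.dll 200
2021-03-01T09:12:00 10.0.0.11 GET http://invoice-example.test/ups/invoice_4471.doc 200
2021-03-01T09:12:31 10.0.0.11 GET http://files-example.test/img/load.dll 200
"""


def parse_log(text):
    """Parse the constructed proxy format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "method": method,
            "url": url,
            "status": int(status),
        })
    return events


def _ext(url):
    """Lower-cased file extension of the URL path, or '' if none."""
    path = urlparse(url).path
    return path.rsplit(".", 1)[-1].lower() if "." in path else ""


def find_doc_to_dll_chains(events, window=timedelta(minutes=5)):
    """Return (client, doc_url, dll_url) for every successful .doc/.docm
    fetch followed within `window` by a successful .dll fetch from a
    different host. The same-host case is ignored on purpose: the second
    stage in this campaign comes from a separate URL list, not the lure."""
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)

    hits = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        for i, doc in enumerate(evs):
            if doc["status"] != 200 or _ext(doc["url"]) not in ("doc", "docm"):
                continue
            doc_host = urlparse(doc["url"]).netloc
            for later in evs[i + 1:]:
                if later["ts"] - doc["ts"] > window:
                    break  # events are time-sorted; nothing later can match
                if (later["status"] == 200 and _ext(later["url"]) == "dll"
                        and urlparse(later["url"]).netloc != doc_host):
                    hits.append((client, doc["url"], later["url"]))
    return hits


def second_stage_hosts(hits):
    """Distinct hosts serving the DLL; across many victims this approximates
    the macro's internal download list."""
    return sorted({urlparse(dll).netloc for _, _, dll in hits})


if __name__ == "__main__":
    chains = find_doc_to_dll_chains(parse_log(SAMPLE_LOG))
    for client, doc, dll in chains:
        print(f"{client}: {doc} -> {dll}")
    print("second-stage hosts:", second_stage_hosts(chains))
```

Run against real proxy exports, the interesting output is the second list: a handful of hosts that repeatedly serve the DLL to different victims of the same lure is exactly what a download list of nine would look like, and those hosts are worth blocking before the sample itself has been analysed.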

The .doc attachment

The link list

The PowerShell of the .doc document

Dridex C2
