Technical analysis by the Malware Hunter JAMESWT

New Dridex malspam campaign. The lure is UPS and the malicious mail contains a .xlms attachment. This download a DLL that infects the pc with the malware

Dridex is back with the international campaign on the expeditioners. The last malspam lure is UPS and a supposed invoice. The objective is to get the victim open the attachment, an .xlms file. It downloads a DLL from https://www.enserve[.co[.uk/j50t68q.rar, that infects the computer with the malware. Dridex is a very dangerous banking Trojan that has long been the protagonist of cybercrime campaigns all over the world.

The email text

DNS HTTP/HTTPS requests / Connection