
Cybercrime, Dridex exploits the UPS lure to spread worldwide

Technical analysis by the Malware Hunter JAMESWT

New Dridex malspam campaign. The lure is UPS and the malicious mail contains an .xlms attachment. This downloads a DLL that infects the PC with the malware.

Dridex is back with an international campaign themed on shipping couriers. The latest malspam lure is UPS and a supposed invoice. The objective is to get the victim to open the attachment, an .xlms file. It downloads a DLL from https://www.enserve[.co[.uk/j50t68q.rar that infects the computer with the malware. Dridex is a very dangerous banking Trojan that has long been the protagonist of cybercrime campaigns all over the world.
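Because the DLL is fetched from a URL ending in .rar, comparing the extension in the URL with the actual bytes of the response is a useful triage check. The following is an added example, not code from the original analysis: the function names and the host `downloads.example.test` are hypothetical, the sample bytes are constructed, and it assumes the response body is available from a proxy or sandbox.

```python
import posixpath
import struct
from urllib.parse import urlparse

# Leading bytes of the archive formats a URL extension may claim.
ARCHIVE_MAGIC = {".rar": b"Rar!\x1a\x07", ".zip": b"PK\x03\x04",
                 ".7z": b"7z\xbc\xaf\x27\x1c"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag set on DLLs


def pe_kind(data):
    """Return 'dll', 'exe' or None after validating the DOS and PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    # The 20-byte COFF header follows the signature; Characteristics is at +18.
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def classify_download(url, body):
    """Compare the extension in the URL path with what the bytes really are."""
    ext = posixpath.splitext(urlparse(url).path.lower())[1]
    if ext not in ARCHIVE_MAGIC:
        return "ok"
    kind = pe_kind(body)
    if kind:
        return f"ALERT: {ext} URL returned a PE {kind}"
    if not body.startswith(ARCHIVE_MAGIC[ext]):
        return f"SUSPICIOUS: {ext} URL returned non-archive content"
    return "ok"


def fake_pe(characteristics):
    """Constructed header-only bytes (not a loadable file) for the demo."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, characteristics)
    return dos + b"PE\x00\x00" + coff


if __name__ == "__main__":
    url = "https://downloads.example.test/j50t68q.rar"  # constructed host
    print(classify_download(url, fake_pe(0x2102)))          # DLL behind .rar
    print(classify_download(url, b"Rar!\x1a\x07\x00data"))  # genuine RAR header
```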

The email text

DNS HTTP/HTTPS requests / Connection
