
Cybercrime, Dridex global campaign via xlsm and Cutwail

Technical analysis by the Malware Hunter JAMESWT

Dridex global campaign via xlsm and Cutwail. A fake xlsm invoice, distributed by the botnet, contacts a random link from an internal list and downloads the DLL that starts the malware infection.

Dridex uses a fake xlsm invoice to spread itself in a global malspam campaign.

The file, if opened, contacts a random link from an internal list and downloads the DLL, which starts the malware infection chain.
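The delivery pattern described above (a macro-enabled workbook that carries its own list of download links and picks one) can be checked for statically, before the document is ever opened. The following is an added example written for this article, not code from the original post or from the researchers it cites: it treats an .xlsm as the ZIP container it is, looks for an embedded VBA project, and extracts every URL-like string it carries, flagging a document that holds several candidate download links. The sample workbook is constructed in memory, and its `vbaProject.bin` is a plain-text stand-in for the real OLE macro stream (an assumption for the demo); on real files the macro source is compressed, so a production check should decompress it with a tool such as olevba rather than rely on a raw byte regex.

```python
import io
import re
import zipfile

# Constructed sample: a minimal ZIP laid out like an OOXML workbook with a VBA
# project. The vbaProject.bin content is a plain-text placeholder, not a real
# compressed OLE stream, and the URLs use the reserved example.invalid domain.
def build_sample_xlsm(with_macro: bool = True) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr(
                "xl/vbaProject.bin",
                'links = Array("http://example.invalid/a.dll", '
                '"http://example.invalid/b.dll", "http://example.invalid/c.dll")\n',
            )
    return buf.getvalue()


# Loose URL matcher over raw bytes; stops at whitespace, quotes and brackets.
URL_RE = re.compile(rb"https?://[^\s\"'<>)]+")


def inspect_xlsm(data: bytes) -> dict:
    """Static triage of a workbook: is it OOXML, does it carry VBA, which URLs?"""
    result = {"is_ooxml": False, "has_vba": False, "urls": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Not a ZIP container at all (legacy .xls, or a mislabelled file).
        return result
    with archive:
        result["is_ooxml"] = True
        for name in archive.namelist():
            # The VBA project is normally stored as xl/vbaProject.bin.
            if name.lower().endswith("vbaproject.bin"):
                result["has_vba"] = True
                content = archive.read(name)
                result["urls"].extend(
                    m.decode("ascii", "replace") for m in URL_RE.findall(content)
                )
    return result


def is_suspicious(report: dict, min_links: int = 2) -> bool:
    """Flag a macro-bearing workbook that embeds a list of candidate download links."""
    return report["has_vba"] and len(report["urls"]) >= min_links


if __name__ == "__main__":
    for label, sample in (("macro", build_sample_xlsm()), ("clean", build_sample_xlsm(False))):
        report = inspect_xlsm(sample)
        print(label, report, "suspicious" if is_suspicious(report) else "ok")
```

The threshold in `is_suspicious` is deliberately low because the article's point is the presence of a link list inside the document, not any specific count; tune it to your own false-positive tolerance.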

Furthermore, as cybersecurity researcher moto_sato discovered, the malicious documents are distributed by the Cutwail botnet. Dridex is a very dangerous banking Trojan used by cybercriminals and has long featured in campaigns all over the world, especially with a courier theme. Its targets are mainly companies, though not exclusively.

Dridex C2s
