
Cybercrime, Dridex is back with courier-themed campaigns

Technical analysis by the Malware Hunter JAMESWT

Dridex is back in a courier-themed campaign carrying an .xlsm attachment. The attachment downloads a DLL that starts the malware infection chain. So far, the detected emails impersonate DHL and UPS.

Dridex is back, attacking users with a worldwide courier-themed campaign. The bait is the usual fake invoice, attached as an .xlsm file; so far it has arrived in emails that impersonate DHL and UPS. If the attachment is opened (with macros enabled), it contacts a malicious URL (only one per .xlsm) and downloads a DLL that infects the computer with the malware. Dridex is a very dangerous banking Trojan used by cybercrime groups and has long been the protagonist of campaigns all over the world. Its targets are mainly companies, but not only. In both cases the email text is written in correct English, although there are no logos or visual references to the couriers used as decoys.
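As an added example (not code from the article or from JAMESWT's analysis), the following Python script triages an .xlsm of the kind described above: it confirms that the workbook carries a VBA project and pulls plain-text URLs out of the macro source, which in this campaign would be the single download location of the DLL. It includes a small implementation of the MS-OVBA decompression that Office applies to stored VBA source, plus a heuristic carver so that no OLE parser is needed; for real samples, olevba from the oletools project does this properly. The macro text, the host invoice-example.test and the layout of the fake vbaProject.bin are constructed assumptions.

```python
import io
import re
import struct
import zipfile

# Constructed for this example: the macro text, URL and fake vbaProject.bin are
# made up, not taken from the campaign described in the article.
URL_RE = re.compile(rb"https?://[A-Za-z0-9./?=&_%:#\-]+")

def decompress_vba(container: bytes, stop_at_bad_header: bool = False) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (how Office stores VBA source).
    stop_at_bad_header=True returns what was decoded so far at an invalid chunk
    header; a carver needs that because it does not know where the stream ends."""
    if not container or container[0] != 0x01:
        raise ValueError("missing container signature byte 0x01")
    out, pos = bytearray(), 1
    while pos + 2 <= len(container):
        header = struct.unpack_from("<H", container, pos)[0]
        if (header >> 12) & 0x07 != 0b011:          # chunk signature must be 011
            if stop_at_bad_header:
                break
            raise ValueError("bad chunk signature at offset %d" % pos)
        chunk_end = min(len(container), pos + (header & 0x0FFF) + 3)
        pos, chunk_start = pos + 2, len(out)
        if not (header >> 15) & 1:                  # raw chunk: 4096 literal bytes
            out, pos = out + container[pos:pos + 4096], pos + 4096
            continue
        while pos < chunk_end:
            flags, pos = container[pos], pos + 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not (flags >> bit) & 1:          # literal byte
                    out.append(container[pos])
                    pos += 1
                    continue
                token, pos = struct.unpack_from("<H", container, pos)[0], pos + 2
                # copy token: the offset/length bit split ("BitCount") depends on
                # how much of this chunk has been decompressed already
                bit_count = max((len(out) - chunk_start - 1).bit_length(), 4)
                length = (token & (0xFFFF >> bit_count)) + 3
                src = len(out) - ((token >> (16 - bit_count)) + 1)
                if src < chunk_start:
                    raise ValueError("copy offset reaches before chunk start")
                for i in range(src, src + length):  # byte-wise: copies may overlap
                    out.append(out[i])
    return bytes(out)

def compress_vba_literals(data: bytes) -> bytes:
    """Valid CompressedContainer from literal tokens only (Office also emits
    copy tokens; both forms decompress identically). Used to build the sample."""
    container = bytearray(b"\x01")
    # n data bytes need ceil(n/8) flag bytes and chunk data is capped at 4096,
    # so 3640 data bytes per chunk stays within the limit
    for start in range(0, len(data), 3640):
        piece, body = data[start:start + 3640], bytearray()
        for i in range(0, len(piece), 8):
            body += b"\x00" + piece[i:i + 8]        # flag 0x00: eight literals
        header = 0x8000 | 0x3000 | (len(body) + 2 - 3)  # compressed, sig, size-3
        container += struct.pack("<H", header) + body
    return bytes(container)

def carve_vba_source(vba_project: bytes) -> list:
    """Heuristic: try each offset that looks like a container start and keep
    outputs that begin like a VBA module. Assumes the stream is contiguous."""
    found = []
    for i in range(len(vba_project) - 2):
        if vba_project[i] != 0x01 or (vba_project[i + 2] & 0x70) != 0x30:
            continue
        try:
            text = decompress_vba(vba_project[i:], stop_at_bad_header=True)
        except (ValueError, IndexError, struct.error):
            continue
        if text.startswith(b"Attribute VB_"):
            found.append(text)
    return found

def triage_xlsm(xlsm_bytes: bytes) -> dict:
    """Does the workbook carry a VBA project, and which URLs appear in plain
    text in its macro source? Obfuscated URLs (Chr() chains etc.) are missed."""
    result = {"has_vba": False, "urls": []}
    with zipfile.ZipFile(io.BytesIO(xlsm_bytes)) as z:
        if "xl/vbaProject.bin" not in z.namelist():
            return result
        result["has_vba"], blob = True, z.read("xl/vbaProject.bin")
    urls = {u.decode("ascii", "replace")
            for src in carve_vba_source(blob) for u in URL_RE.findall(src)}
    result["urls"] = sorted(urls)
    return result

SAMPLE_MACRO = (  # constructed stand-in for a downloader macro, not the real one
    b"Attribute VB_Name = \"ThisWorkbook\"\r\n"
    b"Private Sub Workbook_Open()\r\n"
    b"    u = \"http://invoice-example.test/dl/inv.dll\"\r\n"
    b"    ' ...fetch u to disk and run it via rundll32...\r\n"
    b"End Sub\r\n"
)

def build_sample_xlsm(with_macro: bool = True) -> bytes:
    """Minimal .xlsm-shaped zip; its vbaProject.bin is NOT a real OLE file,
    just filler bytes around one compressed module for the carver to find."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        if with_macro:
            fake = b"\x00" * 64 + compress_vba_literals(SAMPLE_MACRO) + b"\x00" * 64
            z.writestr("xl/vbaProject.bin", fake)
    return buf.getvalue()
```

Running triage_xlsm(build_sample_xlsm()) reports has_vba True and the single URL, which is the artefact worth extracting before any detonation: the download host can be blocked at the proxy and searched for in DNS and web logs. The carver is deliberately simple; a real vbaProject.bin is an OLE compound file whose streams may be split across non-contiguous sectors, in which case only a proper OLE parser recovers the module.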

The emails that simulate DHL and UPS

The fake DHL invoice

The fake UPS invoice

DHL sample: DNS and HTTP/HTTPS requests, connections

UPS sample: DNS and HTTP/HTTPS requests, connections
