The message's RAR attachment contains an executable file: the malware itself. Stolen data is exfiltrated over SMTP.
Technical analysis by the Malware Hunter JAMESWT
Dridex is back with an invoice-themed campaign
A new Dridex campaign uses fake invoices themed on a real company. The mail contains an xlsm file.
[Image: the fake invoice]
If opened, the document contacts a link from an internal list of URLs and downloads a DLL, which starts the infection. Dridex is a very dangerous banking Trojan used by cybercrime groups; it has long been the protagonist of campaigns all over the world, especially those themed on couriers and invoices. The targets are mainly companies, but not only.
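A triage check for the xlsm stage described above, added here as an example and not part of the original report: an xlsm is a ZIP container, so a mail gateway or analyst can test whether a workbook carries a VBA project (`xl/vbaProject.bin`) and pull any URL or DLL references out of it before anyone opens the file. The sample workbook is constructed inline with placeholder URLs; the string scan is a first-pass heuristic (real VBA modules are MS-OVBA compressed, so a full parser such as oletools would be the next step).

```python
import io
import re
import zipfile

VBA_PART = "xl/vbaProject.bin"  # present only in macro-enabled workbooks
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")


def triage_xlsm(data: bytes) -> dict:
    """Flag a workbook that carries a VBA project and list URL/DLL strings in it."""
    result = {"has_macro": False, "urls": [], "dll_refs": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not an OOXML container at all; let other checks handle it
    result["has_macro"] = VBA_PART in zf.namelist()
    if result["has_macro"]:
        blob = zf.read(VBA_PART)
        # Also scan with NUL bytes stripped so UTF-16 ("wide") literals are caught.
        wide = blob.replace(b"\x00", b"")
        found = URL_RE.findall(blob) + URL_RE.findall(wide)
        result["urls"] = sorted({m.decode("ascii", "replace") for m in found})
        result["dll_refs"] = b".dll" in blob.lower() or b".dll" in wide.lower()
    return result


def build_sample_xlsm(urls, macro=True) -> bytes:
    """Constructed fixture: a minimal fake xlsm with an (uncompressed) macro body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if macro:
            lines = [b'url = "' + u.encode() + b'"' for u in urls]
            body = b"Sub Auto_Open()\n" + b"\n".join(lines) + b'\nRun "payload.dll"\nEnd Sub'
            zf.writestr(VBA_PART, body)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_xlsm(["http://example.invalid/a", "http://example.invalid/b"])
    print(triage_xlsm(sample))
```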