
Cybercrime, Dridex is hiding behind a false invoice

Technical analysis by the Malware Hunter JAMESWT

Dridex is hiding behind a false invoice. The XLSB attachment of the “Termination Letter November” email contacts a random URL from an internal list and downloads the DLL that starts the malware infection.

A false invoice is the latest bait used by cybercrime to distribute Dridex.

If opened, the XLSB attachment of the “Termination Letter November” email contacts a random URL from an internal list and downloads the DLL that starts the malware infection. Dridex is a very dangerous banking Trojan that has long featured in cybercrime campaigns all over the world, especially courier-themed ones. The targets are mainly, but not only, companies.

Malware C2

Malware URLs
