Technical analysis by the Malware Hunter JAMESW
New global Dridex malspam campaign themed on Intuit and invoices. The attachment, a .doc file, contacts a random link from an internal list of eight and downloads a DLL, which starts the malware infection chain.
Dridex returns to using Intuit and invoices as bait in a global malspam campaign. In the last few hours, fake emails purporting to come from the company have arrived with a .doc attachment. When opened, the document contacts a random link from an internal list of eight and downloads a DLL, which starts the malware infection chain. The company's name had already been abused in October for a similar campaign, which was based on .xls attachments instead. Dridex is a very dangerous banking Trojan used by cybercrime groups and has long featured in campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not only.
The false Intuit email
The fake invoice
The list of eight links that download the DLL