
Cybercrime, Dridex still leverages Intuit Quickbooks in its global campaign

Technical analysis by the Malware Hunter JAMESWT

Intuit Quickbooks is still the lure in a global Dridex malspam campaign. The email, which refers to a fake invoice, contains an xlsm attachment. This contacts a random link from an internal list and downloads the dll, which starts the malware infection.

Dridex still leverages Intuit Quickbooks in its global malspam campaign. The email, written in English and referring to an alleged invoice, contains an xlsm attachment. If opened, the attachment contacts a random link from an internal list and downloads the dll, which starts the malware infection. Dridex is a very dangerous banking Trojan used by cybercriminals, and it has long featured in campaigns around the world, especially ones with a courier theme. The targets are mainly, but not only, companies.

The fake Quickbooks mail

The image of the false invoice

 

The Dridex dll C2s

 
