2 mails with different gz attachment contain the same chm file. This downloads and launches the malware. Stolen data is exfiltrated thanks to the FTP of a Bosnian company.
Cybercrime, Dridex still leverages Intuit Quickbooks in its global campaign
Technical analysis by the Malware Hunter JAMESWT
Intuit Quickbooks is still lure in a Dridex global malspam campaign. The email, linked to an fake invoice, contains an xlsm attachment. This contacts a random link from an internal list and downloads the dll, which starts the malware infection
Dridex still leverages Intuit Quickbooks in its global malspam campaign. The email, written in English and referring to an alleged invoice, contains an xlsm attachment. This, if opened, contacts a random link from an internal list and downloads the dll, which starts the malware infection. Dridex is a very dangerous banking Trojan used by cybercrime, which has long been the protagonist of campaigns around the world, especially with a courier theme. The targets are mainly companies, but not only.
The fake Quickbook mail
The image of the false invoice
The the dridex dll C2s
Related Posts
