The email GZ attachment contains a password-protected zip (not provided in the text), with an exe inside: the malware itself. It is not known what the next payload is.
Cybercrime, Dridex still leverages Intuit Quickbooks in its global campaign
Technical analysis by the Malware Hunter JAMESWT
Intuit Quickbooks is still the lure in a Dridex global malspam campaign. The email, referring to a fake invoice, contains an xlsm attachment. This contacts a random link from an internal list and downloads the dll, which starts the malware infection.
Dridex still leverages Intuit Quickbooks in its global malspam campaign. The email, written in English and referring to an alleged invoice, contains an xlsm attachment. This, if opened, contacts a random link from an internal list and downloads the dll, which starts the malware infection. Dridex is a very dangerous banking Trojan used by cybercriminals, which has long been the protagonist of campaigns around the world, especially with a courier theme. The targets are mainly companies, but not exclusively.
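The chain described above (Office document opens, fetches a URL, drops a dll, hands it to a system loader) is what an endpoint detection should correlate. The following is an added illustration, not code from the article or from JAMESWT; the Sysmon-style event schema and all sample events are constructed assumptions.

```python
"""Correlate endpoint events to flag the chain described in the article:
an Office process that downloads a DLL and hands it to a system loader.
Added illustration; the events are constructed, not real campaign data."""

OFFICE_APPS = ("excel.exe", "winword.exe", "powerpnt.exe")
DLL_LOADERS = ("rundll32.exe", "regsvr32.exe")

# Constructed Sysmon-style events in chronological order (assumed schema).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4100, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "cmd": "EXCEL.EXE invoice_12345.xlsm"},
    {"type": "network", "pid": 4100, "dest": "download-host.invalid", "port": 443},
    {"type": "file", "pid": 4100, "path": r"C:\Users\u\AppData\Local\Temp\qb.dll"},
    {"type": "process", "pid": 4200, "ppid": 4100,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe C:\Users\u\AppData\Local\Temp\qb.dll,Start"},
    # Benign: Word saving a document and spawning nothing.
    {"type": "process", "pid": 5000, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "cmd": "WINWORD.EXE"},
    {"type": "file", "pid": 5000, "path": r"C:\Users\u\Documents\notes.docx"},
]

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect_macro_dll_chain(events):
    """Return one alert per Office process that (1) made an outbound
    connection, (2) wrote a .dll, and (3) spawned rundll32/regsvr32 with
    that .dll on the command line. Events must be in time order."""
    state = {}   # office pid -> {"net": bool, "dll": path or None}
    alerts = []
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "process":
            name = basename(ev["image"])
            if name in OFFICE_APPS:
                state[pid] = {"net": False, "dll": None}
            elif name in DLL_LOADERS and ev["ppid"] in state:
                st = state[ev["ppid"]]
                if st["net"] and st["dll"] and st["dll"].lower() in ev["cmd"].lower():
                    alerts.append({"office_pid": ev["ppid"], "loader": name, "dll": st["dll"]})
        elif ev["type"] == "network" and pid in state:
            state[pid]["net"] = True
        elif ev["type"] == "file" and pid in state and ev["path"].lower().endswith(".dll"):
            state[pid]["dll"] = ev["path"]
    return alerts
```

Running `detect_macro_dll_chain(SAMPLE_EVENTS)` yields a single alert for the Excel process; the Word process, which never connects out or writes a dll, produces none.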
The fake Quickbooks mail
The image of the false invoice
The Dridex dll C2s