The message's RAR attachment contains an executable file: the malware itself. Stolen data is exfiltrated over SMTP.
Technical analysis by the malware hunter JAMESWT
A new cybercrime malspam campaign delivers Dridex, also in Italy. It uses an xlsm attachment that contacts a link chosen at random from an internal list of over 30 and downloads a DLL that starts the malware infection.
Dridex is hiding behind a new global malspam campaign that uses a fake UPS invoice as a decoy. The goal is to get the potential victim to open the email attachment, an xlsm file. That file contacts a link chosen at random from an internal list of over 30 and downloads a DLL that starts the malware infection chain. Dridex is a very dangerous banking Trojan used by cybercrime groups; it has long featured in campaigns all over the world, especially ones with a courier theme. The targets are mainly companies, but not only.
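A gateway-side triage check for the delivery mechanism described above, added here as an example and not code from the page or from JAMESWT's analysis: it inspects an Office Open XML attachment for a VBA project part and the macro-enabled content type, which is what an xlsm dropper of this kind needs in order to run its download routine. The sample packages are constructed in memory, and the `build_sample`, `macro_indicators` and `should_quarantine` names are assumptions.

```python
import io
import zipfile

# Constructed [Content_Types].xml parts, not taken from a real campaign sample.
# A macro-enabled workbook declares the VBA project part and the macroEnabled
# workbook type; a plain .xlsx declares neither.
_CT_MACRO = (
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    '<Override PartName="/xl/workbook.xml" '
    'ContentType="application/vnd.ms-excel.sheet.macroEnabled.main+xml"/></Types>'
)
_CT_PLAIN = (
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Override PartName="/xl/workbook.xml" ContentType="application/'
    'vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/></Types>'
)

def build_sample(with_macro: bool) -> bytes:
    """Build a minimal OOXML package in memory; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", _CT_MACRO if with_macro else _CT_PLAIN)
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:  # real VBA projects are OLE compound files; a stub suffices
            z.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1stub")
    return buf.getvalue()

def macro_indicators(data: bytes) -> dict:
    """Report VBA indicators in an Office attachment without opening it in Excel."""
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"ooxml": False, "vba_part": False, "macro_content_type": False}
    names = z.namelist()
    ct = z.read("[Content_Types].xml").decode("utf-8", "replace") \
        if "[Content_Types].xml" in names else ""
    return {
        "ooxml": True,
        "vba_part": any(n.lower().endswith("vbaproject.bin") for n in names),
        "macro_content_type": "macroEnabled" in ct or "vbaProject" in ct,
    }

def should_quarantine(data: bytes) -> bool:
    """Gateway rule: hold any spreadsheet attachment that carries a VBA project."""
    ind = macro_indicators(data)
    return ind["vba_part"] or ind["macro_content_type"]
```

The same check applies to docm and pptm packages, since they share the OOXML layout; a non-zip payload (for example an older binary .xls) is reported as not OOXML rather than as clean.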