Technical analysis by the Malware Hunter JAMESWT

New malspam campaign of cybercrime to convey Dridex, also in Italy. It uses an xlsm attachment that contacts a random link from an internal list of over 30 and downloads a DLL that starts the malware infection

Dridex is hiding behind a new global malspam campaign, which uses a fake UPS invoice as a decoy. The goal is to have the potential victim open the attachment of the email, an xlsm file. This, in fact, contacts a random link from an internal list that contains over 30 and downloads a DLL that starts the malware infection chain. Dridex is a very dangerous banking Trojan used by cybercrime, which has long been the protagonist of campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not only.

The false UPS email

The fake invoice

The links contacted to download the DLL and start the malware infection chain