
Cybercrime: fake hotel booking delivers Dridex

Technical analysis by the Malware Hunter JAMESWT

A fake hotel reservation delivers Dridex. The XLSB attachment contacts random links from an internal list and downloads the DLL, which starts the malware infection. It also tries to connect to the victim’s email client.

A fake hotel booking is the vehicle for the new global Dridex campaign.

The XLSB attachment, if opened, contacts a random URL from an internal list and downloads the DLL, which starts the malware infection.

Furthermore, it tries to connect to the victim’s email client to send the malicious message to the contact list.

Dridex is a very dangerous banking Trojan used by cybercriminals. It has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly, but not only, companies.
