
Cybercrime: a false Freightquote invoice delivers Dridex

Technical analysis by the Malware Hunter JAMESWT

A false Freightquote invoice delivers the new global Dridex campaign. The xlsm email attachment, if opened, contacts a random link from an internal list and downloads the DLL that starts the malware infection.

A false invoice from the courier Freightquote delivers the latest global Dridex campaign.

The xlsm email attachment, if opened, contacts a random link from a list embedded in its macro and downloads the DLL that starts the malware infection chain. Dridex is a very dangerous banking Trojan operated by cybercriminals; it has long featured in campaigns around the world, especially ones themed around couriers and shipping. The targets are mainly companies, but not exclusively.

The C2s contacted by the malware

The macro of one of the xlsm files, with the following URLs
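As an added example (not the analyst's own code), this is the static triage a defender would run on such an attachment: unpack the xlsm container, confirm a VBA macro stream is present, and pull the embedded URL list out of it. The sample document and every URL in it are constructed placeholders, not indicators from this campaign.

```python
import io
import re
import zipfile

# Constructed sample URLs (reserved .invalid TLD); they stand in for the
# "internal list" the macro picks from and are NOT real campaign indicators.
SAMPLE_URLS = [
    b"http://example.invalid/a/loader.dll",
    b"http://example.invalid/b/loader.dll",
    b"http://example.invalid/c/loader.dll",
]

URL_RE = re.compile(rb"https?://[\w.\-]+(?:/[\w.\-/%?=&]*)?")


def build_sample_xlsm() -> bytes:
    """Build an in-memory .xlsm (a zip container) with a fake macro stream."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        # A real xl/vbaProject.bin is an OLE file whose VBA source is
        # MS-OVBA compressed; this stand-in keeps the URL literals in the
        # clear so the raw-byte scan below can find them.
        z.writestr("xl/vbaProject.bin", b"\x00junk\x00" + b"\n".join(SAMPLE_URLS))
    return buf.getvalue()


def triage_xlsm(data: bytes) -> dict:
    """Static triage: does the document carry a macro, and which URLs does it hold?"""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        macro_stream = next(
            (n for n in z.namelist() if n.lower().endswith("vbaproject.bin")), None
        )
        urls = set()
        if macro_stream:
            # A raw scan only catches literals that survive OVBA compression;
            # for a full listing decompress the stream first (e.g. with olevba).
            for m in URL_RE.finditer(z.read(macro_stream)):
                urls.add(m.group(0).decode("ascii", "replace"))
    return {"has_macro": macro_stream is not None, "urls": sorted(urls)}


if __name__ == "__main__":
    print(triage_xlsm(build_sample_xlsm()))
```

The presence of `xl/vbaProject.bin` in an invoice-themed attachment is itself a useful mail-gateway detection signal, independent of which URLs the macro contains.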
