Files packaged with Excel-DNA, from which a DLL containing 2 URLs pointing to Discord is extracted. The DLL downloads data files and transforms them with XOR, producing additional DLLs that start the malware infection.
Technical Analysis by the Malware Hunter JAMESWT
A fake invoice delivers the latest Dridex campaign. The xlsm attachment to the email, detected by Salvatore Lombardo, contacts a single URL and downloads the DLL that starts the malware infection.
Dridex is a very dangerous banking Trojan used by cybercriminals; it has long been at the centre of campaigns all over the world, especially courier-themed ones. The targets are mainly companies, but not exclusively.