Technical analysis by the Malware Hunter JAMESWT

A false NetSuite invoice conveys the latest Dridex campaign. The email xls attachment randomly contacts a url from an internal list and downloads the dll, which starts the malware infection

A false NetSuite invoice conveys the latest Dridex global campaign.

The email xls attachment randomly contacts a url from an internal list and downloads the dll, which starts the malware infection.

Dridex is a very dangerous banking Trojan used by cybercrime, which has long been the protagonist of campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not only.

Malware’s C2s