
Cybercrime, new Dridex campaign on false invoices

Technical analysis by the Malware Hunter JAMESWT

New Dridex campaign on false invoices. The XLS attachment contacts a random link from an internal list of URLs and downloads a DLL, which starts the malware infection.

Dridex is also being spread today through a malspam campaign on false invoices, which affects several countries. The message carries an XLS attachment. When opened, the attachment contacts a link chosen at random from an internal list of URLs and downloads a DLL from it, which infects the computer with the malware. Dridex is a very dangerous banking Trojan used by cybercrime that has long featured in campaigns all over the world, especially ones with a courier theme. The targets are mainly, but not only, companies.

The email-trap

The fake invoice

Some links used to download the DLL

 
