Technical analysis by the Malware Hunter JAMESWT

New malspam campaign to distribute Dridex via fake invoices. The emails contain an xlsm attachment which, if opened, contacts a random link from an internal list and downloads a DLL. This starts the malware infection

Dridex strikes with a new malspam campaign linked to fake invoices. The email contains an xlsm attachment which, if opened, contacts a random link from an internal list that downloads a DLL, which starts the malware infection chain. Dridex is a very dangerous banking Trojan used by cybercrime, which has long been the protagonist of campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not only.

The mail with the fake invoice

The image of the false invoice

The confirmation that the sample is Dridex