
Cybercrime: new Dridex campaign built on fake invoices

Technical analysis by the Malware Hunter JAMESWT

A new malspam campaign is distributing Dridex via fake invoices. The emails contain an xlsm attachment which, if opened, contacts a link chosen at random from an internal list and downloads a DLL. This starts the malware infection.

Dridex strikes with a new malspam campaign linked to fake invoices. The email contains an xlsm attachment which, if opened, contacts a link chosen at random from an internal list and downloads a DLL, which starts the malware infection chain. Dridex is a very dangerous banking Trojan used by cybercriminals, and it has long been the protagonist of campaigns all over the world, especially ones with a courier theme. The targets are mainly, but not only, companies.

The mail with the fake invoice

The image of the fake invoice

The confirmation that the sample is Dridex
