
Cybercrime, new Dridex campaign via fake Quickbooks invoice

Technical analysis by the Malware Hunter JAMESWT

New Dridex campaign via fake Quickbooks invoice. The email's XLS attachment contacts a random URL from an internal list and downloads the DLL, which starts the malware infection.

Quickbooks is back as a lure for a new global Dridex campaign. The fake-invoice email contains an XLS attachment.

If opened, the attachment contacts a random URL from an internal list and downloads the DLL, which starts the malware infection. Dridex is a very dangerous banking Trojan used by cybercriminals, and it has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly, but not only, companies.

Malware’s C2
