Two emails with different .gz attachments contain the same .chm file, which downloads and launches the malware. Stolen data is exfiltrated via the FTP server of a Bosnian company.
Technical analysis by the Malware Hunter JAMESWT
New global Dridex campaign uses Dropbox to spread. The link in the email downloads an .xls file, which in turn downloads the DLL from an internal list of URLs, starting the malware infection.
New Dridex global malspam campaign uses Dropbox to spread. The email contains a link to the service; if opened, it downloads an .xls file.
This .xls file then downloads a DLL from an internal list of URLs, starting the malware infection.
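The chain described above (Dropbox link, .xls download, then a DLL fetched from one of several URLs) is something a defender can hunt for in web proxy logs. The following is an added detection example, not code from the original post or from JAMESWT: it correlates, per host, a spreadsheet downloaded from dropbox.com with a .dll download within a short window. The log format and the sample lines are constructed for the example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log (not from the page): "timestamp host method url".
SAMPLE_LOG = """\
2021-03-10T09:01:12 ws-17 GET https://www.dropbox.com/s/abc123/invoice_0310.xls?dl=1
2021-03-10T09:02:40 ws-17 GET https://cdn.example.net/static/lib/upd.dll
2021-03-10T09:03:05 ws-22 GET https://www.dropbox.com/s/zzz999/report.xls?dl=1
2021-03-10T10:15:00 ws-22 GET https://intranet.example.local/tools/helper.dll
2021-03-10T09:05:00 ws-31 GET https://cdn.example.net/static/lib/upd.dll
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
WINDOW = timedelta(minutes=10)  # assumed: xls macro fetches the DLL soon after opening


def parse(log_text):
    """Return (timestamp, host, url) tuples sorted by time; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, _method, url = m.groups()
        events.append((datetime.fromisoformat(ts), host, url))
    return sorted(events)


def is_dropbox_xls(url):
    """True for a spreadsheet served from dropbox.com (query string ignored)."""
    u = urlparse(url)
    if not u.hostname:
        return False
    on_dropbox = u.hostname == "dropbox.com" or u.hostname.endswith(".dropbox.com")
    return on_dropbox and u.path.lower().endswith((".xls", ".xlsx", ".xlsm"))


def find_chains(log_text, window=WINDOW):
    """Flag hosts where a Dropbox .xls download is followed by a .dll download."""
    events = parse(log_text)
    hits = []
    for i, (t0, host, url0) in enumerate(events):
        if not is_dropbox_xls(url0):
            continue
        for t1, host1, url1 in events[i + 1:]:
            if t1 - t0 > window:  # events are time-sorted, nothing later can match
                break
            if host1 == host and urlparse(url1).path.lower().endswith(".dll"):
                hits.append((host, url0, url1))
    return hits


if __name__ == "__main__":
    for host, xls, dll in find_chains(SAMPLE_LOG):
        print(f"{host}: {xls} -> {dll}")
```

Only ws-17 matches: ws-22 fetches its DLL more than ten minutes later, and ws-31 never downloaded a spreadsheet from Dropbox.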
Dridex is a very dangerous banking Trojan used by cybercriminals, and it has long been behind campaigns all over the world, especially ones themed around couriers and invoices. The targets are mainly, but not only, companies.