
Cybercrime, the Dridex global campaign via QuickBooks evolves

Technical analysis by the Malware Hunter JAMESWT

The global Dridex campaign via QuickBooks evolves. The XLS attachment in the email contacts a random URL from an internal list and downloads the malware. The list, however, changes in each file.

The waves of the Dridex global campaign via QuickBooks evolve.

The XLS attachment in the email, if opened, contacts a random URL from an internal list to download the DLL and start the malware infection. Unlike in the past, however, the list changes in each file. Dridex is a very dangerous banking Trojan used by cybercriminals, which has long been the protagonist of campaigns all over the world, especially with a courier theme. The targets are mainly, but not only, companies.

Malware Samples

Dridex C2
