Cybercrime, Dridex hides behind fake Amazon emails
Technical analysis by the Malware Hunter JAMESWT
New Dridex campaign with an Amazon theme. The bait is a shipping receipt attached as an .xlsm file. When opened, it contacts a link chosen at random from an internal list and downloads a DLL, which starts the malware infection.
Dridex is using the Amazon brand for a new global campaign. The bait is a fake shipment with a receipt attached to the email. The attachment is an .xlsm file which, when opened, contacts a link chosen at random from an internal list and downloads a DLL, which starts the malware infection chain. Dridex is a very dangerous banking Trojan used by cybercriminals and has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly, but not only, companies.
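For mail-gateway or analyst triage of this kind of attachment, the following added example (not code from the original analysis) inspects an .xlsm statically as the ZIP container it is, flagging macro-capable parts together with several embedded external URLs. It assumes the link list is stored in readable form inside the workbook; an obfuscated list would not match the URL pattern, though the macro parts are still reported. The function names, threshold and sample workbook are constructed for illustration.

```python
import io
import re
import zipfile

URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")
# Parts that mean the workbook can run code when opened (VBA or Excel 4.0 macros).
ACTIVE_PARTS = ("xl/vbaProject.bin", "xl/macrosheets/")
# Namespace/schema hosts present in every OOXML file; not indicators.
BENIGN_HOSTS = (b"schemas.openxmlformats.org", b"schemas.microsoft.com",
                b"purl.org", b"www.w3.org")


def triage_xlsm(data: bytes) -> dict:
    """Statically inspect an .xlsm without ever opening it in Excel."""
    report = {"active_parts": [], "urls": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.startswith(ACTIVE_PARTS):
                report["active_parts"].append(info.filename)
            if info.file_size > 20 * 1024 * 1024:  # skip oversized parts
                continue
            for m in URL_RE.finditer(zf.read(info)):
                url = m.group(0)
                if not any(h in url for h in BENIGN_HOSTS):
                    report["urls"].add(url.decode("ascii"))
    # Assumed heuristic: a macro-capable workbook carrying two or more external
    # URLs matches the "internal list of download links" pattern described above.
    report["suspicious"] = bool(report["active_parts"]) and len(report["urls"]) >= 2
    return report


def build_sample() -> bytes:
    """Constructed test workbook: inert bytes and reserved .test domains."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("xl/vbaProject.bin", b"\x00inert placeholder, no real macro\x00")
        zf.writestr("xl/sharedStrings.xml",
                    "<sst><si><t>https://a.example.test/x.dll</t></si>"
                    "<si><t>https://b.example.test/y.dll</t></si></sst>")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_xlsm(build_sample()))
```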