
Cybercrime, Dridex returns via couriers and invoices

Technical analysis by the Malware Hunter JAMESWT

New global Dridex campaign using courier and invoice lures. The xlsm attachment, if opened, contacts a URL picked at random from an embedded list and downloads the DLL that starts the malware infection.

Dridex is back in a new global campaign themed around couriers and invoices. The email carries an xlsm attachment which, if opened and allowed to run its macro, contacts a URL chosen at random from a list embedded in the document and downloads a DLL; the DLL then starts the infection chain. Dridex is a dangerous banking Trojan operated by cybercrime groups and has long been a protagonist of campaigns all over the world, especially with courier-themed lures. The targets are mainly companies, but not exclusively.
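As an added illustration (not part of JAMESWT's analysis and not tied to the real sample), the script below shows the static triage a responder would run on such an attachment: an xlsm is an OOXML zip, the macro lives in xl/vbaProject.bin, and every member can be scanned for URL-looking strings in both ASCII and UTF-16LE. The sample workbook is constructed in memory with fabricated URLs on RFC 2606 reserved domains, mimicking the embedded download list from which the macro picks one entry at random; nothing is downloaded.

```python
import io
import re
import zipfile

# Loose http(s) URL pattern for triage; false positives are acceptable here.
URL_BYTES = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")
URL_TEXT = re.compile(URL_BYTES.pattern.decode("ascii"))


def triage_xlsm(data: bytes) -> dict:
    """Static triage of an .xlsm given as bytes.

    An .xlsm is an OOXML zip; macros live in xl/vbaProject.bin. Every member
    is scanned as raw bytes and as UTF-16LE text (at both byte alignments)
    for URL-looking strings. Caveat: VBA source inside vbaProject.bin is
    stored MS-OVBA compressed, so string literals in the macro itself may not
    be visible this way; olevba from oletools decompresses it properly.
    """
    urls = set()
    has_macros = False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.lower() == "xl/vbaproject.bin":
                has_macros = True
            blob = zf.read(name)
            urls.update(m.decode("ascii") for m in URL_BYTES.findall(blob))
            # UTF-16LE strings may start at an odd offset, so try both alignments.
            for off in (0, 1):
                urls.update(URL_TEXT.findall(blob[off:].decode("utf-16-le", "ignore")))
    dll_urls = sorted(u for u in urls if u.lower().rstrip("/").endswith(".dll"))
    return {
        "has_macros": has_macros,
        "urls": sorted(urls),
        "dll_urls": dll_urls,
        # A macro-enabled workbook carrying a list of download URLs is the pattern described.
        "suspicious": has_macros and bool(urls),
    }


def build_sample_xlsm(with_macros: bool = True) -> bytes:
    """Construct a stand-in .xlsm in memory (constructed data, not a real sample).

    The vbaProject.bin payload is fabricated filler holding three download
    URLs on reserved example domains, one of them stored as UTF-16LE.
    """
    fake_vba = (
        b"\x01\x16\x01\x00"  # arbitrary filler, not a real OLE header
        b'Attribute VB_Name = "ThisWorkbook"\x00'
        b"http://example.com/files/inv.dll\x00"
        b"https://example.org/upload/p.dll\x00"
        + "http://example.net/track/parcel.dll".encode("utf-16-le")
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", fake_vba)
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_xlsm(build_sample_xlsm())
    print("macros:", report["has_macros"], "suspicious:", report["suspicious"])
    for u in report["urls"]:
        print("  ", u)
```

Run it against a real attachment with `triage_xlsm(open(path, "rb").read())`; the extracted URLs are the indicators to block at the proxy and hunt for in DNS and web logs, and the `has_macros` flag alone is enough to quarantine an unexpected invoice.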

The email trap

The fake invoice

The internal URL list, from which one entry is contacted at random to download the DLL

The C2s
