The “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” email attachments contain an exe, which is the malware. Stolen data is exfiltrated via SMTP and the Telegram API.
Technical analysis by the Malware Hunter JAMESWT
Walmart-themed Dridex global campaign. The xlsm attachment in the email contacts a URL from an internal list and downloads the DLL, starting the malware infection
Walmart is the lure for a new Dridex global campaign.
The xlsm attachment in the mail, detected by malware_traffic, contacts a URL picked at random from an internal list and downloads the DLL, starting the malware infection. Dridex is a very dangerous banking Trojan used by cybercrime, which has long been the protagonist of campaigns all over the world, especially with a courier theme. The targets are mainly, but not only, companies.