Dridex Banking Trojan Spreading in a Password-Protected Attachment

The security researcher MalwareTech has published an analysis of a new Dridex campaign that lets the criminals behind it bypass spam-filtering solutions. Criminals have several techniques for shielding their malware, such as password-protecting the document or archive so that the antispam solution cannot scan the incoming attachment.
A password-protected document stops automated antimalware scanners from opening the attachment and inspecting its content. Here the criminals attach the malware and put the password in the body of the email, so the victim can open the malicious RTF Word document and, by doing so, execute the malware.
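The pattern described above (an attachment the scanner cannot open, plus the password handed over in the message body) is something a mail gateway or SOC triage script can flag without ever opening the attachment. The following is an added example written for this post, not code from MalwareTech or from the Dridex sample itself: it parses a raw RFC 822 message with the Python standard library, reports ZIP attachments whose entries carry the encryption flag and Office files that are OLE containers under an OOXML name (which is how Word stores a password-protected .docx/.docm), and checks whether the body hands out a password. All names, the regex, and the sample message are assumptions constructed for the demo; the "encrypted" ZIP is a normal archive with its encryption bit patched on, since the standard library cannot write encrypted archives.

```python
"""Heuristic triage for "password in the body, encrypted attachment" phishing.

Added example, not from the MalwareTech write-up. The sample message and the
fake encrypted ZIP are constructed here so the script runs offline.
"""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Magic bytes of an OLE2 compound file (legacy .doc, and the wrapper Word uses
# for password-protected OOXML documents).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
OOXML_EXTENSIONS = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm")
# "password is 1234" / "password: 1234"; the captured value stops at whitespace
# or sentence punctuation so the trailing full stop is not swallowed.
PASSWORD_RE = re.compile(r"\bpassword\s*(?:is|:)\s*[^\s.,;]+", re.IGNORECASE)


def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry in the archive has the encryption bit (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def office_is_encrypted(name: str, data: bytes) -> bool:
    """An OOXML file name whose content is an OLE container instead of a ZIP is
    almost always password-protected: Word wraps the encrypted package in OLE.
    Legacy .doc is OLE as well, so only OOXML extensions are considered."""
    return name.lower().endswith(OOXML_EXTENSIONS) and data.startswith(OLE_MAGIC)


def triage(raw: bytes) -> dict:
    """Parse one raw message and return what a gateway rule would act on."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content() if body is not None else ""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if zip_is_encrypted(data):
            findings.append(f"{name}: encrypted ZIP archive")
        elif office_is_encrypted(name, data):
            findings.append(f"{name}: password-protected Office document")
    pw = PASSWORD_RE.search(body_text)
    return {
        "encrypted_attachments": findings,
        "password_in_body": pw.group(0) if pw else None,
        # The combination is the signal: an unscannable attachment whose key is
        # in the same message the filter already let through.
        "suspicious": bool(findings) and pw is not None,
    }


def _fake_encrypted_zip() -> bytes:
    """Constructed sample: a normal ZIP with the encryption flag patched on in
    both the local header (offset 6) and the central directory (offset 8)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.docm", b"placeholder, not a real macro document")
    data = bytearray(buf.getvalue())
    lh = data.find(b"PK\x03\x04")
    data[lh + 6] |= 1
    cd = data.find(b"PK\x01\x02")
    data[cd + 8] |= 1
    return bytes(data)


def build_sample_message() -> bytes:
    """Constructed sample in the style of the lure: password in the body,
    encrypted archive attached. Addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the invoice attached. The password is 1234.\n")
    msg.add_attachment(_fake_encrypted_zip(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return bytes(msg)


if __name__ == "__main__":
    print(triage(build_sample_message()))
```

In production the same check would run on the raw message before the antispam verdict is final; the point is that the gateway does not need to crack the archive, it only needs to notice that the key travelled with the lock.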


[Figure: mail sent by the attackers (source: MalwareTech)]

The macro downloads and executes the Dridex loader, which turns the infected system into part of the botnet. Another technique in the document's malicious script is to ping Google's public DNS server 250 times before continuing, a delay intended to outlast automated analysis.
The way this attack is designed suggests it is aimed at compromising corporate systems rather than ordinary home users, because it uses techniques specifically meant to bypass standard spam-filtering solutions.

If you receive a similar email, do not open the attachment or click any suspicious link, and move the email to the spam folder so your spam-filtering solution updates its definitions and routes similar future emails to the junk folder.

You can read the full analysis over the following link: https://www.malwaretech.com/
