2020-04-30 - PASSWORD-PROTECTED ZIP FILES FROM GERMAN MALSPAM PUSH DRIDEX

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Password-protected zip archive from German malspam.

 


Shown above:  Screenshot of the extracted Word doc.

 


Shown above:  Initial Dridex DLL execution after enabling macros.

 


Shown above:  Pcap from an infection filtered in Wireshark.

 
