2020-04-27 - QUICK POST: DRIDEX MALSPAM AND INFECTION

ASSOCIATED FILES:

• 2020-04-27-Dridex-malspam-2-email-examples.zip   105 kB (105,276 bytes)

• 2020-04-27-Dridex-malspam-example-1-of-2.eml   (118,490 bytes)
• 2020-04-27-Dridex-malspam-example-2-of-2.eml   (116,664 bytes)

• 2020-04-27-Dridex-infection-traffic.pcap.zip   5.7 MB (5,665,498 bytes)

• 2020-04-27-Dridex-infection-traffic.pcap   (5,999,208 bytes)

• 2020-04-27-Dridex-malware-and-artifacts.zip   2.7 MB (2,693,688 bytes)

• 2020-04-27-initial-Dridex-DLL-retreived-by-XLS-macros.bin   (392,192 bytes)
• 2020-04-27-malspam-attachment-XLS-file-with-macro-for-Dridex.bin   (73,216 bytes)
• 2020-04-27-registry-entry-for-Dridex.txt   (720 bytes)
• 2020-04-27-scheduled-task-for-Dridex.txt   (3,658 bytes)
• 2020-04-27-startup-menu-shortcut-for-Dridex.bin   (1,878 bytes)
• MDal6VoM/SndVol.exe   (264,152 bytes)
• MDal6VoM/UxTheme.dll   (733,184 bytes)
• fhExRDaH/mmGK7xb/SYSDM.CPL   (733,184 bytes)
• fhExRDaH/mmGK7xb/SystemPropertiesPerformance.exe   (83,968 bytes)
• fhExRDaH/DUI70.dll   (1,015,808 bytes)
• fhExRDaH/phoneactivate.exe   (107,616 bytes)
• lL/WindowsActionDialog.exe   (60,928 bytes)
• lL/DUI70.dll   (1,015,808 bytes)

NOTES:

• Seems like everyone's been tweeting about this today, so here's a pcap, malspam, and malware samples.
• All zip archives on this site are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

 

Click here to return to the main page.