2020-04-30 - PASSWORD-PROTECTED ZIP FILES FROM GERMAN MALSPAM PUSH DRIDEX
ASSOCIATED FILES:
- 2020-04-30-zip-attachments-and-extracted-Word-docs.zip 580 kB (580,010 bytes)
- 2020-04-30-Dridex-infection-from-attachment-in-German-malspam.pcap.zip 2.4 MB (2,436,254 bytes)
- 2020-04-30-malware-and-artifacts-from-an-infected-host.zip 2.0 MB (1,975,729 bytes)
NOTES:
- I assume these password-protected zip archives containing German-language Word docs are coming in as attachments from malspam to German recipients.
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
IMAGES
Shown above: Password-protected zip archive from German malspam.
Shown above: Screenshot of the extracted Word doc.
Shown above: Initial Dridex DLL execution after enabling macros.
Shown above: Pcap from an infection filtered in Wireshark.