2020-04-30 - PASSWORD-PROTECTED ZIP FILES FROM GERMAN MALSPAM PUSH DRIDEX

ASSOCIATED FILES:

• 2020-04-30-zip-attachments-and-extracted-Word-docs.zip   580 kB (580,010 bytes)
• 2020-04-30-Dridex-infection-from-attachment-in-German-malspam.pcap.zip   2.4 MB (2,436,254 bytes)
• 2020-04-30-malware-and-artifacts-from-an-infected-host.zip   2.0 MB (1,975,729 bytes)

NOTES:

• I assume these password-protected zip archives containing German language Word docs are coming in as attachments from malspam to German recipients.
• All zip archives on this site are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

 

IMAGES

Shown above:  Password-protected zip archive from German malspam.

 

Shown above:  Screenshot of the extracted Word doc.

 

Shown above:  Initial Dridex DLL execution after enabling macros.

 

Shown above:  Pcap from an infection filtered in Wireshark.

 

Click here to return to the main page.