2020-04-30 - PASSWORD-PROTECTED ZIP FILES FROM GERMAN MALSPAM PUSH DRIDEX
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2020-04-30-zip-attachments-and-extracted-Word-docs.zip 581 kB (580,852 bytes)
- 2020-04-30-Dridex-infection-from-attachment-in-German-malspam.pcap.zip 2.4 MB (2,436,254 bytes)
- 2020-04-30-malware-and-artifacts-from-an-infected-host.zip 2.0 MB (1,977,397 bytes)
IMAGES
Shown above: Password-protected zip archive from German malspam.
Shown above: Screenshot of the extracted Word doc.
Shown above: Initial Dridex DLL execution after enabling macros.
Shown above: Pcap from an infection filtered in Wireshark.