2020-10-07 (Wednesday) - Malspam with XLSX attachments pushes Dridex

1. 2020-10-07 (WEDNESDAY) - MALSPAM WITH XLSX ATTACHMENTS PUSHES DRIDEX
2.  
3. EMAIL HEADER DATA:
4.  
5. - Date: 2020-10-07
6.  
7. - From: "Accounts Dept." <noreply@dhl.com>
8. - From: UPS Billing Center <Invoice-notification@ups.com>
9. - From: Invoice-notification@ups.com <Invoice-notification@ups.com>
10.  
11. - Subject: DHL Overdue Invoice Notice - 1724080874
12. - Subject: UPS Invoice Notification
13.  
14. - Attachment name: 202117071KA371285.xlsm
15. - Attachment name: 2256463051J2547I7.xlsm
16. - Attachment name: H321176987270.xlsm
17.  
18. SHA256 HASHES OF THE ATTACHED SPREADSHEETS:
19.  
20. - 9bea5cd43e299b1dcf722ab63d3162d0efaa6acd561260c9f5323dbc9ce71383 202117071KA371285.xlsm
21. - 0be0253ef0653faeda6da8f44b05e5c63035d1142efd90d63b41568d28458959 2256463051J2547I7.xlsm
22. - a86e178e1ff98b684fe5c47d4caa8d98430e8f2a2c7980df9249040d5c68639c H321176987270.xlsm
23.  
24. URLS GENERATED BY ENABLING MACROS:
25.  
26. - hxxp://ask-regard.call-save[.]biz/t12r3acb2.jpg
27. - hxxps://eae0908.gossnet[.]com/f4o56y9ko.txt
28. - hxxps://newmg532.wordswideweb[.]com/osn5u0wii.txt
29.  
30. SHA256 HASHES OF 2 DLL FILES RETURNED FROM THE ABOVE 3 URLS:
31.  
32. - 7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e
33. - b775a1f8663e7bdeef07cdd7497b91fa82dd7ab1015d138b2aeb8b51e77d3895
34.  
35. - NOTE 1: Location for both of the above files was: C:\ibQRmAmp\jCYsnVx\DxVmDcR
36. - NOTE 2: Run method: "C:\Windows\SysWOW64\regsvr32.exe" -s C:\ibQRmAmp\jCYsnVx\DxVmDcR.