Dridex is a banking trojan (spyware) known for spreading through malicious attachments in e-mails. It evolved from the earlier Cridex and Bugat variants. The malware author's aim is to steal information, specifically targeting your banking credentials. This malware alone has caused the movement of millions' worth in the six years since it all started. Just four days back, its config was seen like this:
Dridex Impact on Us
Isn’t it banks where all our financial support resides SAFELY? At least that is what they tell us. Now think about it: the next day you wake up, take a bath and make breakfast, then reach for your phone and check a message from the bank in the notification bar. And it’s gone!! All of it, at once. Your money has just found a different owner. And it doesn’t stop there, because you have investments managed through the bank’s portal. The investments are gone too. All shares are sold at lower prices and SIPs are cancelled. Enough to add 10 heartbeats; well, it’s just a short glimpse of one “day” that, at GodHacker’s will, I wish should never come to you.
Though one question: Are you prepared enough?
In the early months of 2017, it was found hitting targets in European countries in good numbers. It seems the UK was at the top of their hit list, followed by Germany and France.
In case you haven’t seen yet how it executes:
See Barkly in action against the Dridex banking trojan. #barklyblocks #dridex https://t.co/K3nUU6bqLF pic.twitter.com/KrrxCMvmyQ
— Barkly (@barklyprotects) October 24, 2017
I am keeping a track record of it. Please find below the IOCs that will help the cyber security researchers out there find a better FUST (Final Ultimate Solution to Threat).
Payload – Virustotal URL:
https://www.virustotal.com/en/file/1072e9f512abaafc1f510b31bcf56fd668f9f7cf558984052720aa85d311bca7/analysis/
https://www.virustotal.com/#/file/f353055919269aebb1eb27bcc840b91a1b8cc414a0a7a60f16bdfc1cf753fb8b/detection
Payload – Hybrid Analysis URLs:
https://www.hybrid-analysis.com/sample/f353055919269aebb1eb27bcc840b91a1b8cc414a0a7a60f16bdfc1cf753fb8b?environmentId=100
Spam CTA URLs:
IP Connections:
I hope this helped. “Subscribe” is the next thing you can do to help us help you.
Have a good day.