A track record on Dridex Banking Trojan

Dridex is a banking trojan (spyware) known for spreading through malicious attachments in e-mails. It evolved from the earlier Cridex and Bugat variants. The aim of the malware authors is to steal information, more specifically your banking credentials. This malware alone has caused millions' worth of money to change hands in the last 6 years since it all started. Just four days back, its config was seen like this:

Dridex Impact on Us

Isn’t it banks where all our financial support resides SAFELY? At least that is what they tell us. Now think about it: the next day you wake up, take a bath and make breakfast, then you reach for your phone and check the message from your bank in the notification bar. And it’s gone!! All of it, at once. Your money just found a different owner. And it doesn’t stop here, because you have investments managed through the bank’s portal. The investments are gone too: all shares sold at lower prices and SIPs cancelled. Enough to add 10 heartbeats; well, it’s just a short glimpse of one “day” that, at GodHacker’s will, I wish should never come to you.

One question, though: are you prepared enough?

In the early months of 2017, it was found hitting targets in European countries in good numbers. It seems the UK was on their hit list, then Germany and France.

In case you haven’t seen yet how it executes:

I am keeping a track record for it. Please find below the IOCs that will help our cyber security researchers out there in finding a better and FUST (Final Ultimate Solution to Threat).


Payload – VirusTotal URLs:

https://www.virustotal.com/en/file/1072e9f512abaafc1f510b31bcf56fd668f9f7cf558984052720aa85d311bca7/analysis/
https://www.virustotal.com/#/file/f353055919269aebb1eb27bcc840b91a1b8cc414a0a7a60f16bdfc1cf753fb8b/detection

Payload – Hybrid Analysis URLs:

https://www.hybrid-analysis.com/sample/f353055919269aebb1eb27bcc840b91a1b8cc414a0a7a60f16bdfc1cf753fb8b?environmentId=100

Spam CTA URLs:



IP Connections:


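As an added example that is not part of the original post, the script below turns indicators of the kind listed under Spam CTA URLs and IP Connections (defanged hxxp:// lure URLs with invoice-themed paths, and single IPs mixed with /24 ranges) into a simple proxy-log check, generalising the invoice path naming into one pattern. Every indicator value, hostname, IP range and log line in it is a constructed placeholder, not one of the post's IOCs, and the log format is assumed.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed placeholders (RFC 2606 names, RFC 5737 ranges) shaped like the post's lists.
URL_IOCS = ["hxxp://lure-one.example/Invoice-due-number-8658420986/",
            "hxxp://lure-two.example/New-invoice-180107/"]
IP_IOCS = ["203.0.113.0/24", "198.51.100.7"]

# Invoice-themed lure paths of the kind used in the spam URLs, generalised.
LURE_PATH = re.compile(
    r"/(Invoice-due-number-\d+|New-invoice-\d+|Copy-Invoice-\d+"
    r"|Invoice-number-\d+-Notification|Invoice-\d+-(Message|reminder))/?$")

def refang(url):
    """Restore a defanged hxxp(s):// indicator to a parseable URL."""
    return "http" + url[4:] if url.startswith("hxxp") else url

IOC_HOSTS = {urlparse(refang(u)).hostname for u in URL_IOCS}
# strict=False lets a bare host load as a /32 next to the real CIDR ranges.
IOC_NETS = [ipaddress.ip_network(ioc, strict=False) for ioc in IP_IOCS]

def classify(line):
    """Reasons a log line ('<ts> <src> <dst> <method> <url>', constructed format) matches."""
    fields = line.split()
    if len(fields) != 5:
        return []
    dst_ip, url = fields[2], fields[4]
    parsed, reasons = urlparse(url), []
    if parsed.hostname in IOC_HOSTS:
        reasons.append("known lure host")
    if LURE_PATH.search(parsed.path):
        reasons.append("invoice-lure path pattern")
    try:
        if any(ipaddress.ip_address(dst_ip) in net for net in IOC_NETS):
            reasons.append("C2 range")
    except ValueError:  # unparseable destination field: skip the IP check
        pass
    return reasons

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "2017-03-01T08:00:01Z 10.0.0.5 203.0.113.44 GET http://lure-one.example/Invoice-due-number-8658420986/",
    "2017-03-01T08:00:02Z 10.0.0.5 192.0.2.10 GET http://unrelated.example/Copy-Invoice-12219/",
    "2017-03-01T08:00:03Z 10.0.0.5 198.51.100.7 POST http://198.51.100.7/",
    "2017-03-01T08:00:04Z 10.0.0.5 192.0.2.20 GET http://news.example/index.html"]

def scan(lines):
    """Pair each matching line's URL with the reasons it matched."""
    return [(l.split()[4], classify(l)) for l in lines if classify(l)]
```

The path pattern fires even when the host is unknown, which is how the second sample line is caught; tune it against your own proxy logs before alerting on it.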

I hope it helped. “Subscribe” is the next thing you can do to help us help you.

Have a good day.
