
Dridex

Posted: October 29, 2014

Threat Metric

Threat Level: 8/10
Infected PCs: 30
First Seen: October 29, 2014
Last Seen: November 24, 2021
OS(es) Affected: Windows

Dridex is an updated variant of Cridex, a banking Trojan and worm. Like its predecessor, Dridex steals bank account information in order to enable fraudulent money transfers, using attacks that produce few visible symptoms. While multiple nations are under attack from Dridex's current campaign, United States-based PC users are at particularly high risk of infection. Sound e-mail handling practices and a good anti-malware solution provide the best protection from Dridex and related high-level threats.

Compromising Your Finances with Careless E-mail Clicks

Dridex, a recent re-release in a string of banking Trojans that includes Cridex, Feodo and Bugat, uses a slightly new distribution tactic to install itself onto vulnerable PCs. Whereas its ancestors have been seen using EXE file attachments, the Blackhole Exploit Kit and the Phoenix Exploit Kit, malware researchers have seen Dridex installed via Microsoft Word documents. The current campaign relies on in-document macros, which Microsoft disables by default as a security measure. However, for PC users who have enabled this feature, opening one of these documents may infect the PC with Dridex with no additional prompts.

Dridex's compromised documents are distributed through e-mail, much like previous attacks that distributed executable installers. These messages are disguised as invoices from various reputable companies, such as Humber Merchants LTD (a plumbing and construction company). Once Dridex is installed, victims should be aware of the following security risks, all of which also apply to past versions of the associated Trojans:

  • Dridex may modify your browser's content or intercept its communications to capture bank account information, including user names and passwords.
  • Dridex may use removable drives or the local network to infect other PCs.
  • Dridex may conceal itself inside the memory of unrelated application processes. One sign of this is a spike in memory usage by an otherwise safe program, or unusual behavior such as the program refusing to be terminated from Task Manager.
  • Dridex also may communicate with remote servers, which could allow it to install other threats or exfiltrate stolen data.

Saving Your Funds from an International Trojan

Dridex's latest campaign, which began in mid-October 2014, has especially targeted the United States, but other regions, including the United Kingdom, Israel and Germany, are also under attack to a lesser degree. Prior campaigns by the associated banking Trojans focused on different nations, with Germany a particularly frequent target. In most cases, however, suspicious e-mail links and file attachments remained the primary distribution method.

For e-mail-based threat transmission, malware experts urge all PC users to exercise reasonable caution with fraudulent e-mails that reference real companies. Since opening file attachments is a well-known security risk, legitimate companies will not ask you to do so in order to view invoices or other transaction data. Such e-mails should be deleted on sight, unopened. If a Dridex infection has already occurred, use anti-malware tools to delete Dridex, and avoid any unneeded contact with other machines that could spread the infection.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always back up your PC before making any changes.

The following files were created in the system:

File name  Size                      MD5                               Detections  File type        MIME type    Group         Last updated
---------  ------------------------  --------------------------------  ----------  ---------------  -----------  ------------  -----------------
333.exe    55.29 KB (55296 bytes)    ac1d437e08bfe27942256da9e1ee1293  96          Executable File  unknown/exe  Malware file  November 3, 2014
file.exe   128 KB (128000 bytes)     c386007133c54d70b486ae182bb68eac  73          Executable File  unknown/exe  Malware file  November 15, 2016
file.exe   182.78 KB (182784 bytes)  afcf32eab13b416eb43e5ff2f0367c8c  53          Executable File  unknown/exe  Malware file  April 13, 2016
file.exe   274.43 KB (274432 bytes)  3fd1d6f9f3d2ea48c55f5db3192d3398  26          Executable File  unknown/exe  Malware file  April 7, 2016
file.tmp   630.97 KB (630976 bytes)  33d137598c03069197bd47bdaab30774  13          Temporary File   unknown/tmp  Malware file  April 25, 2016
file.exe   142.62 KB (142628 bytes)  aea48ee4aa6f4b44bde2ee2f44dfb95e  5           Executable File  unknown/exe  Malware file  January 19, 2017
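The following Python script is an added example, not code from this page or from the researchers it cites. It screens an e-mail attachment the way a mail gateway or an analyst's triage script might, using the two facts this entry provides: that the current campaign arrives as Word documents carrying VBA macros, and the MD5 hashes listed in the file table above. The hash table is copied from this page; everything else is an assumption of the example: the function names, the constructed sample documents, and the check for a UTF-16LE "_VBA_PROJECT" stream name in legacy binary .doc files, which is a triage heuristic rather than a full OLE2 parse (a real deployment would use a proper parser such as olefile/oletools).

```python
"""Screen an e-mail attachment for the Dridex delivery traits described on this
page: macro-carrying Word documents and known-bad file hashes.

Added example. The hash list is taken from the page's "File System
Modifications" table; all other names and samples are illustrative."""
import hashlib
import io
import zipfile

# MD5 -> file name, as listed in this page's "File System Modifications" table.
DRIDEX_MD5 = {
    "ac1d437e08bfe27942256da9e1ee1293": "333.exe",
    "c386007133c54d70b486ae182bb68eac": "file.exe",
    "afcf32eab13b416eb43e5ff2f0367c8c": "file.exe",
    "3fd1d6f9f3d2ea48c55f5db3192d3398": "file.exe",
    "33d137598c03069197bd47bdaab30774": "file.tmp",
    "aea48ee4aa6f4b44bde2ee2f44dfb95e": "file.exe",
}

# Magic bytes of the legacy binary Office container (.doc/.xls, OLE2/CFB).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Directory entry names inside an OLE2 container are stored as UTF-16LE, and a
# VBA project storage always contains a "_VBA_PROJECT" stream. Scanning the raw
# bytes for that name is a triage heuristic (an assumption of this example);
# a real parser would walk the directory instead.
OLE2_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
# In OOXML (.docm/.xlsm/.pptm) the macro project is an ordinary zip member.
OOXML_MACRO_PARTS = {"word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin"}


def classify_attachment(filename: str, data: bytes) -> dict:
    """Return a triage report for one attachment body."""
    md5 = hashlib.md5(data).hexdigest()
    report = {
        "filename": filename,
        "md5": md5,
        "format": "unknown",
        "has_macros": False,
        "ioc_match": DRIDEX_MD5.get(md5),  # known Dridex sample hash, if any
    }
    if data.startswith(OLE2_MAGIC):
        report["format"] = "ole2"
        report["has_macros"] = OLE2_VBA_MARKER in data
    elif data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = {name.lower() for name in zf.namelist()}
        except zipfile.BadZipFile:
            return report  # truncated or corrupt archive: leave as "unknown"
        report["format"] = "ooxml" if "[content_types].xml" in members else "zip"
        report["has_macros"] = bool(members & OOXML_MACRO_PARTS)
    elif data.startswith(b"MZ"):
        report["format"] = "pe"  # Windows executable, the older delivery form
    return report


def should_quarantine(report: dict) -> bool:
    """Policy mirroring the page's advice: an invoice never needs an executable
    or a macro, so either trait (or a known-bad hash) holds the message back."""
    return bool(report["ioc_match"]) or report["has_macros"] or report["format"] == "pe"


def make_ooxml(parts: dict) -> bytes:
    """Build a constructed OOXML-style zip in memory (for demonstration only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples, not real Dridex documents.
    macro_doc = make_ooxml({"[Content_Types].xml": "<Types/>",
                            "word/document.xml": "<w:document/>",
                            "word/vbaProject.bin": b"\x00"})
    plain_doc = make_ooxml({"[Content_Types].xml": "<Types/>",
                            "word/document.xml": "<w:document/>"})
    for name, body in [("invoice.docm", macro_doc), ("invoice.docx", plain_doc)]:
        r = classify_attachment(name, body)
        verdict = "QUARANTINE" if should_quarantine(r) else "deliver"
        print(f"{name}: format={r['format']} macros={r['has_macros']} -> {verdict}")
```

The `has_macros` result for a legacy .doc is only as good as the byte-scan heuristic; a gateway that wants certainty should hand OLE2 files to a real parser, and the MD5 list should be treated as a small, dated set of indicators rather than as coverage of the Dridex family.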
