Dridex is a form of malware that targets its victim’s banking information. Malware, or malicious software, is software intended to cause harm to a user. Specifically, Dridex is classified as a Trojan: it hides malicious code inside seemingly harmless data. The main goal of Dridex is to steal sensitive details from its victim’s bank accounts, such as online banking credentials and other financial access.
Credits: Research by ExecuteMalware
Indicators of Compromise
THREAT IDENTIFICATION: DRIDEX
SENDER EMAILS
quickbooks@notification[.]intuit[.]com
SUBJECTS
Reminder: Invoice 714873
MALDOC FILE HASHES
714873[.]xls
5c3a1b785f532a889980751123e3ffce
PAYLOAD DOWNLOAD URLS
https://vegasvulkangermany[.]veronafoodbd[.]com/nteqdu5[.]rar
https://sydwaltcrmfrontend[.]khholdings[.]co[.]za/d5mvar80[.]zip
PAYLOAD FILE HASHES
nteqdu5[.]rar
340994098deb6bf6fa91f73350af7c15
Renamed to:
trtsivqq[.]dll
340994098deb6bf6fa91f73350af7c15
Also:
d5mvar80[.]zip
17d87654aea66ba8a0d416be95fac1b4
DRIDEX C2
https://146[.]185[.]170[.]249/
https://62[.]75[.]251[.]60:6601/
https://185[.]148[.]168[.]25:2303/
EMAIL BODY
Your invoice is attached. Please remit payment at your earliest convenience.
Thanks for your business!
INVOICE 714873
DUE 04/19/2021
$1,330.00
Review and pay
Powered by QuickBooks
If you receive an email that seems fraudulent, please check with the business owner before paying.
© Intuit, Inc. All rights reserved. Privacy | Security | Terms of Service
SUPPORTING EVIDENCE
https://www[.]virustotal[.]com/gui/file/da81aa0dd37baccdbdc7f7f9a3619d6e85155f8bd67fcd2fafdbe534443fdc0c/community
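As an added example (not part of the ExecuteMalware research above), a small Python checker that refangs the report's defanged indicators and matches them against log lines; the sample log lines and the word-boundary anchoring are my own assumptions, not anything from the report.

```python
import re

# Indicators copied from the Dridex report above, in its defanged form. The spoofed
# sender address is left out on purpose: it matches the real QuickBooks notification
# address, so matching on it would also flag legitimate invoices.
DEFANGED_IOCS = {
    "domain": ["vegasvulkangermany[.]veronafoodbd[.]com",
               "sydwaltcrmfrontend[.]khholdings[.]co[.]za"],
    "c2": ["146[.]185[.]170[.]249", "62[.]75[.]251[.]60:6601", "185[.]148[.]168[.]25:2303"],
    "md5": ["5c3a1b785f532a889980751123e3ffce",   # 714873.xls
            "340994098deb6bf6fa91f73350af7c15",   # nteqdu5.rar / trtsivqq.dll
            "17d87654aea66ba8a0d416be95fac1b4"],  # d5mvar80.zip
}

def refang(indicator: str) -> str:
    """Turn a defanged indicator back into its live form ('[.]' -> '.', 'hxxp' -> 'http')."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

def build_matchers(defanged=DEFANGED_IOCS):
    """Compile one case-insensitive pattern per indicator. The look-arounds keep
    146.185.170.249 from matching inside 146.185.170.2491 or a longer hostname."""
    matchers = []
    for kind, items in defanged.items():
        for item in items:
            live = refang(item)
            pat = re.compile(r"(?<![\w.])" + re.escape(live) + r"(?![\w.])", re.I)
            matchers.append((kind, live, pat))
    return matchers

MATCHERS = build_matchers()

def scan_log(text: str):
    """Return (line_no, kind, indicator) for every IoC hit in a block of log lines."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, live, pat in MATCHERS:
            if pat.search(line):
                hits.append((line_no, kind, live))
    return hits

# Constructed sample log lines (not from the report): proxy, EDR and firewall events.
SAMPLE_LOG = """\
2021-04-16T09:12:03Z proxy user=jdoe url=https://vegasvulkangermany.veronafoodbd.com/nteqdu5.rar status=200
2021-04-16T09:12:41Z edr host=WS-17 event=module_load file=trtsivqq.dll md5=340994098DEB6BF6FA91F73350AF7C15
2021-04-16T09:13:02Z fw action=allow src=10.0.4.21 dst=62.75.251.60:6601 proto=tcp
2021-04-16T09:15:55Z proxy user=asmith url=https://www.example.com/ status=200
"""
```

Running `scan_log(SAMPLE_LOG)` reports the download domain, the renamed DLL hash and the C2 host:port on lines 1 to 3 and nothing for the benign line 4.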