Threat Intelligence – Dridex Malware Latest IOCs


Dridex is a form of malware that targets its victim’s banking information. Malware, or malicious software, is software intended to cause harm to a user. Specifically, Dridex is classified as a Trojan: it hides malicious code inside a file that appears harmless (here, an invoice spreadsheet). The main goal of Dridex is to steal sensitive details from its victim’s bank accounts, for example online banking credentials and other financial access.


Credits: Research by ExecuteMalware

Indicators of Compromise

THREAT IDENTIFICATION: DRIDEX

SENDER EMAILS
[email protected] [.]intuit [.]com

SUBJECTS
Reminder: Invoice 714873

MALDOC FILE HASHES
714873 [.]xls
5c3a1b785f532a889980751123e3ffce

PAYLOAD DOWNLOAD URLS
https://vegasvulkangermany [.]veronafoodbd [.]com/nteqdu5 [.]rar
https://sydwaltcrmfrontend [.]khholdings [.]co [.]za/d5mvar80 [.]zip

PAYLOAD FILE HASHES
nteqdu5 [.]rar
340994098deb6bf6fa91f73350af7c15

Renamed to:
trtsivqq [.]dll
340994098deb6bf6fa91f73350af7c15

Also:
d5mvar80 [.]zip
17d87654aea66ba8a0d416be95fac1b4

DRIDEX C2
https://146 [.]185 [.]170 [.]249/
https://62 [.]75 [.]251 [.]60:6601/
https://185 [.]148 [.]168 [.]25:2303/

EMAIL BODY
Your invoice is attached. Please remit payment at your earliest convenience.

Thanks for your business!
INVOICE 714873
DUE 04/19/2021
$1,330.00
Review and pay
Powered by QuickBooks
If you receive an email that seems fraudulent, please check with the business owner before paying.

© Intuit, Inc. All rights reserved. Privacy | Security | Terms of Service

SUPPORTING EVIDENCE
https://www [.]virustotal [.]com/gui/file/da81aa0dd37baccdbdc7f7f9a3619d6e85155f8bd67fcd2fafdbe534443fdc0c/community
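As an added example (not part of the original write-up or of ExecuteMalware's research), the script below refangs the indicators listed above and runs them against a few constructed proxy-log lines and a file hash, the way a SOC analyst would sweep a log export for this campaign. The log format (timestamp, source IP, method, destination host[:port]), the benign host names such as `www.example.com`, and the sample lines are assumptions made for the example; the indicator values themselves are copied from the list above.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published above, still defanged with " [.]".
DEFANGED_INDICATORS = {
    "payload_urls": [
        "https://vegasvulkangermany [.]veronafoodbd [.]com/nteqdu5 [.]rar",
        "https://sydwaltcrmfrontend [.]khholdings [.]co [.]za/d5mvar80 [.]zip",
    ],
    "c2_urls": [
        "https://146 [.]185 [.]170 [.]249/",
        "https://62 [.]75 [.]251 [.]60:6601/",
        "https://185 [.]148 [.]168 [.]25:2303/",
    ],
    # Maldoc, RAR/DLL payload and ZIP payload MD5s from the list above.
    "md5_hashes": [
        "5c3a1b785f532a889980751123e3ffce",
        "340994098deb6bf6fa91f73350af7c15",
        "17d87654aea66ba8a0d416be95fac1b4",
    ],
}

# Constructed sample proxy log (assumed format: ts src method dest[:port] path status).
SAMPLE_PROXY_LOG = [
    "2021-04-19T13:01:58Z 10.20.30.40 GET www.example.com:443 / 200",
    "2021-04-19T13:02:03Z 10.20.30.40 GET sydwaltcrmfrontend.khholdings.co.za:443 /d5mvar80.zip 200",
    "2021-04-19T13:02:07Z 10.20.30.41 GET updates.example.org:443 /feed 200",
    "2021-04-19T13:02:11Z 10.20.30.40 CONNECT 62.75.251.60:6601 - 200",
]


def refang(value):
    """Turn the defanged ' [.]' back into '.' (and hxxp into http) for matching."""
    value = re.sub(r"\s*\[\.\]\s*", ".", value)
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def watched_hosts(indicators=DEFANGED_INDICATORS):
    """Collect both bare hostnames/IPs and host:port forms from the URL indicators.

    Matching on the bare IP as well as host:port catches the C2 on a port other
    than the one published; the port is a weaker part of the indicator than the host.
    """
    watch = set()
    for url in indicators["payload_urls"] + indicators["c2_urls"]:
        parts = urlsplit(refang(url))
        if parts.hostname:
            watch.add(parts.hostname.lower())
            watch.add(parts.netloc.lower())
    return watch


def scan_proxy_log(lines, indicators=DEFANGED_INDICATORS):
    """Return (line_number, destination) for every log line whose destination is an IOC."""
    watch = watched_hosts(indicators)
    hits = []
    for lineno, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated line, skip rather than crash the sweep
        dest = fields[3].lower()
        host_only = dest.rsplit(":", 1)[0]
        if dest in watch or host_only in watch:
            hits.append((lineno, dest))
    return hits


def known_bad_hash(md5_hex, indicators=DEFANGED_INDICATORS):
    """Case-insensitive lookup of an MD5 against the published maldoc/payload hashes."""
    return md5_hex.strip().lower() in {h.lower() for h in indicators["md5_hashes"]}


if __name__ == "__main__":
    for lineno, dest in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {lineno}: connection to Dridex indicator {dest}")
    print("maldoc hash known:", known_bad_hash("5C3A1B785F532A889980751123E3FFCE"))
```

The sender address and subject are deliberately not turned into block rules: the From domain is the impersonated vendor's own domain and the subject line is a generic invoice reminder, so both would also match legitimate mail. They are better used to pivot in mail logs once a hit on a payload host, C2 address or file hash has confirmed activity.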


Balaganesh is an Incident Responder, Certified Ethical Hacker, Penetration Tester, Security blogger, and Founder & Author of Soc Investigation.
