Dridex

Dridex Description

dridex banking trojanThe developers of the Trojan Cridex, also detected as Geodo, Feodo and Bugat, have released another version of this dreadful data collector Trojan called Dridex. Dridex main duty is to collect bank security data by adding automated scripts containing recurrent assignments into the Microsoft Office Package. Dridex started its infection campaign using Microsoft Word to dispatch messages allegedly, including financial documentation. Then, when the computer user opens the corrupted document, the added scripts may start executing their assignments and install Dridex.

By collecting your online banking-related data and sending it to remote servers, Dridex makes it possible for its creators to access your banking account and transfer the available money to their personal accounts. As any Trojan infection, Dridex is a highly harmful infection that must be removed upon detection. Manual removal is possible, however, due to its complexity, the safest removal method is using an up-to-date and reliable malware removal application.

Dridex, in its trojan horse form, dates back to 2015 but has had subsequent variations spotted beforehand. However, 2015 marks the year that Dridex made its biggest outbreak accounting for multiple campaigns targeting computer users throughout Europe. Dridex has been marked as most prevalent in the UK, Germany, France, and of course, the United States of America.

Dridex's complexities make it one of the most dangerous modern computer threats

Many newer versions of Dridex have appeared spreading various computer viruses. With its mass spread of malware threats, Dridex has earned itself a ranking of being one of the top 10 most popular threats of its type coming in at number seven in recent years, according to Flashpoint.

The many actions of Dridex range from it collecting personal data to injecting sites with malware. The primary objective of Dridex has been rather consistent residing with its ability to steal data, which is usually banking or login data where the hackers behind Dridex may leverage such information to eventually lead to theft of money or even cryptocurrency wallets.

There has been an ongoing change of hands of Dridex where it is actively sold to other cybercrooks who then utilize the malware to collect personal information of new victims. The action of Dridex injecting websites with malware eventually leads to actions that phish user logins and passwords.

Dridex has also been known to use a Botnet as a Service feature that makes infected PCs an attack source for future campaigns, essentially allowing the malware to spread faster and more efficiently. Such a notion has made threats like Dridex global sensations that have no geographic boundaries.

Who is behind Dridex?

The perpetrators behind Dridex, or what is referred to as "Evil Corp", the cybergang that created Dridex, come out of Russia where they have been seen living a rather lavish lifestyle driving supercars and evading law enforcement as a $5 million reward for their capture is being offered by the US Department of State.

The Evil Corp cybergang behind Dridex looks to have made away with millions of dollars in their endeavors of leveraging Dridex in many ways over the past few years. In that time, Dridex has seen ups and downs. Though, in recent months, Dridex has shown that it is not going anywhere, and the crooks behind the vicious malware are ramping up their efforts to make what was old all new again. In the battle against Dridex and similar threats, cybersecurity firms and antimalware researchers are having a difficult time tracing C&C servers associated with Dridex to ultimately bring the threat down. Dridex's advanced persistence mechanisms have kept the malware alive and thriving for many years.

Further uncovering Dridex and its lifecycle

The most recent development in combating Dridex at its source is the malware hunting service ANY.RUN, which has examined the lifecycle of Dridex not only detect the threat but to pinpoint its spreading methods and uncover ways that computer users may avoid future attacks.

The primary methods that Dridex uses to spread, also uncovered by ANY.RUN, is through spam email campaigns. Such a technique, which proves to be among the most effective way to spread malware even in today's landscape, allows cybercrooks to spread Dridex into targeted machines. Many of the spam messages are ones that are cleverly designed to look like financial related emails, most often containing a malicious MS Word document attachment.

Social engineering is commonly used to dupe computer users into opening and downloading the malicious attachments, which when they are run, they install the Dridex trojan.

Detection and removal of Dridex is left to antimalware software and sources like ANY.RUN, which has methods of unpacking the processes of Dridex when it infects a PC so it can then be safely detected and eliminated.

Technical Information

File System Details

Dridex creates the following file(s):
# File Name Size MD5 Detection Count
1 file.tmp 630,976 33d137598c03069197bd47bdaab30774 1
2 333.exe 55,296 ac1d437e08bfe27942256da9e1ee1293 0
3 file.exe 233,472 f86204bbaf52c0090f8c8ee4cd6a3ce8 0
More files

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.