New Dridex Variant Evading Traditional Antivirus (Jun 28, 2019)
A new variant of the “Dridex” banking trojan has been discovered, according to an eSentire Threat Intelligence report from June 27, 2019. Dridex is known to target Windows users who open malicious Word or Excel email attachments: the document's macros activate, download Dridex, infect the computer, and expose the victim to banking theft. In the newly identified variant, the macros behave differently depending on how the recipient interacts with the document. The eSentire report notes that as of the morning of June 27, only 16 of roughly 60 antivirus engines flagged the sample as suspicious. Researchers believe the actors behind this variant will keep changing indicators throughout the current campaign, given their “tendency to utilize randomly generated variables and URL directories.”
Recommendation: Always be on high alert while reading email, particularly when a message carries attachments, tries to redirect you to a URL, is labeled urgent, or uses poor grammar. Anti-spam and antivirus may not catch this Dridex variant, but your business should still deploy these protections and avoid opening email from untrusted or unverified senders.
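Because the operators randomize variable names and URL paths, hash- and URL-based indicators age quickly; a more durable control is to inspect every incoming Office attachment for a VBA project before a user can open it. The script below is an added example written for this briefing, not code from eSentire or Anomali, and every function name in it (classify_attachment, ooxml_findings, ole_findings) is hypothetical. It relies on two structural facts: OOXML files are zip archives in which a macro project lives in a vbaProject.bin member and is declared in [Content_Types].xml with the content type application/vnd.ms-office.vbaProject, and legacy .doc/.xls files are OLE compound files (magic D0 CF 11 E0 A1 B1 1A E1) whose directory stores storage names such as "Macros" and "_VBA_PROJECT" as UTF-16LE. The sample attachments are constructed in memory; the OLE check is a raw-byte heuristic, not a full compound-file parser.

```python
"""Flag e-mail attachments that can carry VBA macros before a user opens them.

Added example, not eSentire/Anomali code. Standard library only.
Sample attachments at the bottom are constructed for the demo.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
# OLE directory entries store storage names as UTF-16LE; a VBA project
# shows up as the "Macros" storage and the "_VBA_PROJECT" stream.
OLE_MACRO_MARKERS = [s.encode("utf-16-le") for s in ("Macros", "_VBA_PROJECT")]


def ooxml_findings(data: bytes) -> list:
    """Findings for a zip-based Office document (docx/docm/xlsx/xlsm)."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container, so not OOXML
    names = zf.namelist()
    for n in names:
        if n.lower().endswith("vbaproject.bin"):
            findings.append(f"vba project member: {n}")
    if "[Content_Types].xml" in names and VBA_CONTENT_TYPE in zf.read("[Content_Types].xml"):
        findings.append("vbaProject content type declared")
    return findings


def ole_findings(data: bytes) -> list:
    """Heuristic findings for a legacy OLE compound document (doc/xls)."""
    if not data.startswith(OLE_MAGIC):
        return []
    return [f"OLE storage name present: {m.decode('utf-16-le')}"
            for m in OLE_MACRO_MARKERS if m in data]


def classify_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict for one attachment: 'allow' or 'quarantine'."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings = ooxml_findings(data) + ole_findings(data)
    # A macro project behind an extension that promises "no macros"
    # (.docx/.xlsx/.pptx) is a stronger signal than an honest .docm/.xlsm.
    if findings and ext in ("docx", "xlsx", "pptx"):
        findings.append(f"extension .{ext} should not carry macros")
    return {
        "filename": filename,
        "has_macros": bool(findings),
        "findings": findings,
        "verdict": "quarantine" if findings else "allow",
    }


def _fake_ooxml(with_vba: bool) -> bytes:
    """Constructed minimal OOXML container for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        if with_vba:
            ct += (b'<Override PartName="/word/vbaProject.bin" '
                   b'ContentType="application/vnd.ms-office.vbaProject"/>')
            # Real vbaProject.bin is an OLE file with compressed VBA streams;
            # a placeholder is enough because only its presence is checked.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"placeholder")
        ct += b"</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", b"<w:document/>")
    return buf.getvalue()


# Constructed sample attachments (not real Dridex artifacts).
SAMPLES = {
    "invoice.docx": _fake_ooxml(with_vba=False),
    "invoice_urgent.docx": _fake_ooxml(with_vba=True),  # macros behind a "safe" extension
    "statement.doc": (OLE_MAGIC + b"\x00" * 64 + "Macros".encode("utf-16-le")
                      + b"\x00" * 16 + "_VBA_PROJECT".encode("utf-16-le")),
    "notes.txt": b"plain text, nothing to see",
}


def scan_samples() -> dict:
    """Verdict per constructed sample; used by the demo and the tests."""
    return {name: classify_attachment(name, data)["verdict"] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(classify_attachment(name, data))
```

In a mail gateway this check would run on every Office attachment and quarantine anything that carries a VBA project, regardless of whether the file's hash or download URL appears on an indicator list. The OLE heuristic can miss or misfire on unusual files; for production use, a real compound-file and VBA parser (for example the open-source olevba tool) is the better foundation, and the check is a complement to, not a replacement for, the anti-spam and antivirus layers the recommendation calls for.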
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.