I came across a fairly interesting Dridex maldoc the other day, and I figured it was worth doing a quick write-up on the obfuscation and anti-analysis techniques I saw. This was an Excel document that had its VBA macro project “locked” by the threat actor to disrupt analysis. Further anti-analysis included a heavy dose of multi-layered DOSfuscation, also designed to disrupt analysis and evade sandboxes. In this post, I will provide a brief overview of Dridex and then shift into a discussion of these anti-analysis techniques and how you can use some open-source tooling and Python scripts to overcome them.

The Dridex malware is a modular banking trojan and infostealer operated by a financially motivated criminal group referred to as “Indrik Spider”, amongst other aliases. Dridex has the capability to perform web injects to steal banking credentials, which may be monetized as a commodity themselves or leveraged in support of further wire fraud activities. Recently, these threat actors have also been known to leverage Dridex infections to move laterally within network environments and manually deploy the BitPaymer ransomware on high-value targets. Indrik Spider typically distributes Dridex malware via spam email phishing campaigns.

The “INV_984748.xls” attachment was a Microsoft Excel document with an invoice theme in its naming convention, which is typical of many similar campaigns.
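The “locked” VBA project mentioned above is recorded in the plain-text PROJECT stream of the document's VBA storage, whose CMG=/DPB=/GC= values are hex strings encrypted with the simple MS-OVBA 2.4.3 scheme. The following Python is an added example of mine, not the author's script: it decrypts the DPB (ProjectPassword) field and reports whether the project is unprotected, password-hashed, or carries a plaintext password. The PROJECT stream fragments are constructed for the example; for a real file you would read the stream with olefile.

```python
"""Triage a VBA PROJECT stream: is the project password-locked? (MS-OVBA 2.3.1.16 / 2.4.3)"""
import re

def ovba_decrypt(hex_data: str) -> bytes:
    """MS-OVBA 2.4.3.3: recover Data from a CMG=/DPB=/GC= hex value."""
    raw = bytes.fromhex(hex_data)
    seed, version_enc, projkey_enc = raw[0], raw[1], raw[2]
    if seed ^ version_enc != 2:                  # spec: Version MUST be 2
        raise ValueError("unexpected MS-OVBA encryption version")
    unenc1, enc1, enc2 = seed ^ projkey_enc, projkey_enc, version_enc
    out = bytearray()
    for b in raw[3:]:
        out.append(b ^ ((enc2 + unenc1) & 0xFF))  # byte-wise add, then XOR
        enc2, enc1, unenc1 = enc1, b, out[-1]
    body = bytes(out[(seed & 6) >> 1:])          # drop IgnoredLength filler bytes
    return body[4:4 + int.from_bytes(body[:4], "little")]

def ovba_encrypt(data: bytes, seed: int, projkey: int) -> str:
    """MS-OVBA 2.4.3.2; used here only to build the constructed fixtures."""
    plain = bytes((seed & 6) >> 1) + len(data).to_bytes(4, "little") + data
    out = bytearray([seed, seed ^ 2, seed ^ projkey])
    unenc1, enc1, enc2 = projkey, seed ^ projkey, seed ^ 2
    for b in plain:
        out.append(b ^ ((enc2 + unenc1) & 0xFF))
        enc2, enc1, unenc1 = enc1, out[-1], b
    return out.hex().upper()

def classify_dpb(project_stream: str) -> str:
    """Decrypt DPB (ProjectPassword) and describe the kind of lock it represents."""
    m = re.search(r'^DPB="([0-9A-Fa-f]+)"', project_stream, re.M)
    if not m:
        return "unprotected (no DPB field)"
    pw = ovba_decrypt(m.group(1))
    if pw == b"\x00":                            # spec: single null byte = no password
        return "unprotected"
    if pw[0] == 0xFF and pw[-1] == 0x00:         # hash structure: 0xFF Reserved ... 0x00 Terminator
        return "locked (hashed password)"
    return "locked (plaintext password)"         # legacy null-terminated plaintext form

# Constructed fixtures (not from the maldoc); a real stream also has ID=, Module=, CMG=, GC= lines.
_HASH_BLOB = b"\xff" + bytes(range(1, 28)) + b"\x00"   # stand-in for a salted SHA-1 hash record
LOCKED_STREAM = 'Name="VBAProject"\nDPB="%s"\n' % ovba_encrypt(_HASH_BLOB, seed=0xD4, projkey=0x3A)
OPEN_STREAM = 'Name="VBAProject"\nDPB="%s"\n' % ovba_encrypt(b"\x00", seed=0xD4, projkey=0x3A)

if __name__ == "__main__":
    for label, stream in (("locked", LOCKED_STREAM), ("open", OPEN_STREAM)):
        print(label, "->", classify_dpb(stream))
```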