New Dridex Variant Evading Traditional Antivirus

June 28, 2019 / Kacy Zurkus

Only 10 days after malware researcher Brad Duncan published his analysis of a new Dridex variant that bypasses application-whitelisting mitigations by disabling or blocking Windows Script Host, eSentire discovered new infrastructure pointing to a similar Dridex variant.

“Dridex malware targets banking information and is delivered via email in the form of a malicious document with embedded macros,” eSentire Threat Intelligence wrote. “At the time of discovery only six antivirus solutions of about 60 detected suspicious behavior. About 12 hours later, on the morning of June 27, 16 antivirus solutions could identify the behavior.”

As has been the case with the Emotet malware, Dridex has gone through many iterations, with its presumed first appearance as Cridex back in 2011. “Over the last decade, Dridex underwent a series of feature augmentation, including a transition to XML scripts, hashing algorithms, peer-to-peer encryption, and peer-to-command-a...