How Does Dridex Hide Friends?

During an incident, CERT Sekoia investigated fraudulent money transfers. These transfers were made from the account of a French firm to other bank accounts located in various places in Europe. The fraud was valued at 800 000 euros.

Initially, the bank of the French firm indicted an accounting officer of this firm for making these transfers. The transactions had been made using a 2FA authentication process.

CERT Sekoia has demonstrated that the accounting officer’s computer was compromised and was certainly used to perform these transfers.

The compromise occurred in two stages:

  • First, Dridex arrived on the computer.
  • Second, Dridex was used to download another piece of malware, a RAT (remote access tool).

Alexandra Toussaint
Paul Rascagnères
Security research at CISCO Talos
Sébastien Larinier
Security researcher and freelance at Freelance