How Does Dridex Hide Friends?

Botconf 2016
2023-04-28 | 14:40 – 15:00

Paul Rascagnères 🗣 | Sébastien Larinier 🗣 | Alexandra Toussaint 🗣

During an incident, CERT Sekoia investigated fraudulent money transfers. These transfers were made from a French firm’s account to other bank accounts based in different places in Europe. The fraud has been valued at 800 000 euros.
Initially, the French firm’s bank accused an accounting officer of the firm of making these transfers. The transactions were made using a 2FA authentication process.
CERT Sekoia demonstrated that the accounting officer’s computer was compromised and that it was certainly used to perform these transfers.
The compromise occurred in two stages:

  • First, Dridex arrived on the computer.
  • Second, Dridex was used to download another piece of malware (a RAT).
