TSPY_DRIDEX.AY
February 08, 2016
ALIASES:
Backdoor:Win32/Drixed.M (Microsoft); Trojan.Dridex (Malwarebytes)
PLATFORM:
Windows
Threat Type: Spyware
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes and then deletes itself.
TECHNICAL DETAILS
File Size: 172,544 bytes
Memory Resident: Yes
Initial Samples Received Date: 20 Jan 2016
Arrival Details
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This spyware executes and then deletes itself.
Other Details
This spyware connects to several possibly malicious URLs.