Dridex’s Bag of Tricks: An Analysis of its Masquerading and Code Injection Techniques
- A new variant of Dridex observed in July 2019 masquerades as legitimate Windows system processes to avoid detection.
- The variant uses five code injection techniques during its infection lifecycle: AtomBombing, DLL order hijacking, process hollowing, PE injection and thread execution hijacking.
- The code injection techniques were used against legitimate