HP Threat Research Blog

July 29, 2019 Category: Threat Research By: Ratnesh Pandey

Dridex’s Bag of Tricks: An Analysis of its Masquerading and Code Injection Techniques

  • A new variant of Dridex observed in July 2019 masquerades as legitimate Windows system processes to avoid detection.  
  • The variant uses five code injection techniques during its infection lifecycle: AtomBombing, DLL order hijacking, process hollowing, PE injection and thread execution hijacking. 
  • The code injection techniques were used against legitimate