HP Threat Research Blog • Dridex’s Bag of Tricks: An Analysis of its Masquerading and Code Injection Techniques

July 29, 2019 • Category: Threat Research • By: Ratnesh Pandey • Comments: 0

Dridex’s Bag of Tricks: An Analysis of its Masquerading and Code Injection Techniques

  • A new variant of Dridex observed in July 2019 masquerades as legitimate Windows system processes to avoid detection.
  • The variant uses five code injection techniques during its infection lifecycle: AtomBombing, DLL order hijacking, process hollowing, PE injection and thread execution hijacking.
  • The code injection techniques were used against legitimate
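The first point above, masquerading as a legitimate Windows system process, is one of the few behaviours in this summary that a defender can check for directly: a process that carries a well-known system image name but runs from an unexpected directory, or under an unexpected parent, does not look like the real thing. The following is an added illustration of that check and is not code from the HP post or from the Dridex sample it describes. The expected-directory and expected-parent table, the `ProcessRecord` type and the sample process list are all assumptions constructed for the example; a real deployment would build the table from a known-good host inventory and feed it live process data.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Expected on-disk directory and parent for a few well-known Windows binaries.
# This table is an assumption for the example, not a complete or authoritative
# list. A parent of None means "do not check the parent".
EXPECTED = {
    "svchost.exe": (("C:\\Windows\\System32", "C:\\Windows\\SysWOW64"), "services.exe"),
    "lsass.exe": (("C:\\Windows\\System32",), "wininit.exe"),
    "spoolsv.exe": (("C:\\Windows\\System32",), "services.exe"),
    "explorer.exe": (("C:\\Windows",), None),
}


@dataclass(frozen=True)
class ProcessRecord:
    """One running process as an endpoint sensor might report it (hypothetical shape)."""
    pid: int
    name: str          # image name the OS reports for the process
    image_path: str    # full path of the executable backing the process
    parent_name: str   # image name of the parent process


def _same_dir(path: str, expected_dir: str) -> bool:
    """Case-insensitive comparison of a file's directory against an expected one."""
    actual = str(PureWindowsPath(path).parent).lower()
    return actual == str(PureWindowsPath(expected_dir)).lower()


def check_masquerading(proc: ProcessRecord) -> list[str]:
    """Return the reasons a process looks like a system-process masquerade.

    An empty list means the process passed every check, or its name is not in
    the table and therefore nothing can be said about it.
    """
    name = proc.name.lower()
    if name not in EXPECTED:
        return []
    expected_dirs, expected_parent = EXPECTED[name]
    reasons = []
    # A real system binary lives in its known directory, not in a user profile
    # or temp folder.
    if not any(_same_dir(proc.image_path, d) for d in expected_dirs):
        reasons.append(f"image path {proc.image_path} is outside {expected_dirs}")
    # The reported name and the on-disk file name should agree.
    if PureWindowsPath(proc.image_path).name.lower() != name:
        reasons.append(f"reported name {proc.name} differs from on-disk file name")
    # Core system processes have a stable parent; anything else is suspicious.
    if expected_parent and proc.parent_name.lower() != expected_parent:
        reasons.append(f"parent {proc.parent_name} is not the expected {expected_parent}")
    return reasons


def find_masquerading(procs: list[ProcessRecord]) -> dict[int, list[str]]:
    """Map pid -> reasons for every process that fails at least one check."""
    return {p.pid: r for p in procs if (r := check_masquerading(p))}


# Constructed sample data; the suspicious entries are invented for illustration.
SAMPLE_PROCS = [
    ProcessRecord(812, "svchost.exe", "C:\\Windows\\System32\\svchost.exe", "services.exe"),
    ProcessRecord(4022, "svchost.exe", "C:\\Users\\Public\\svchost.exe", "explorer.exe"),
    ProcessRecord(1304, "explorer.exe", "C:\\Windows\\explorer.exe", "userinit.exe"),
    ProcessRecord(2210, "lsass.exe", "C:\\Windows\\System32\\lsass.exe", "cmd.exe"),
    ProcessRecord(3100, "notepad.exe", "C:\\Windows\\System32\\notepad.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, reasons in find_masquerading(SAMPLE_PROCS).items():
        print(pid, reasons)
```

Against the constructed sample, the `svchost.exe` running from `C:\Users\Public` is flagged for both its path and its parent, and the `lsass.exe` in the right directory but spawned by `cmd.exe` is flagged for its parent alone; the genuine entries and the untabled `notepad.exe` produce nothing. Path and parent checks like these only cover process-level masquerading; the in-memory techniques the second point lists (process hollowing, PE injection and the rest) need memory-level inspection that this example does not attempt.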