W32/Dridex.E!tr

Analysis


W32/Dridex.E!tr is a generic detection for a family of banking trojans that steal banking credentials and related information from the user. Because this is a generic detection, files detected as W32/Dridex.E!tr may vary in behavior.
Below are examples of some of these behaviors:

  • It drops the following modified copy of itself:
    • %AppData%\edg[Random].exe
    It then executes this dropped copy.

  • The malware attempts to connect to the following site:
    • 84.4{Removed}4 on TCP port 8080

  • The malware injects code into explorer.exe.

  • The original copy of the malware is deleted after execution.

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

Product                   Availability
FortiGate                 Extreme
FortiClient               Extended
FortiMail                 Extended
FortiSandbox              Extended
FortiWeb                  Extended
Web Application Firewall  Extended
FortiIsolator             Extended
FortiDeceptor             Extended
FortiEDR

Version Updates

Date        Version    Detail
2023-04-25  91.02686
2022-10-17  90.06981
2019-04-02  67.50600   Sig Updated