Trusted Design

Dridex actors distributing the Shifu banking Trojan

概要

Following a month-long hiatus after a number of arrests, and despite a recent reported takedown, Dridex actors appear to have taken the recent disruptions as a challenge to bounce back better than ever. Proofpoint researchers analyzed the activity in the recent return to operations of the Dridex actors and identified numerous changes in behavior, from technical innovations to distributing other banking and data-stealing malware.

Created: 2026-02-23

Indicators

• FileHash-SHA256 - 6e6d80575154523a2b7207f8263f79b3c9cc08dcc30c23084d2c3103e15b41d7 -
• URL - http://allowclientaxpalagent.me -
• FileHash-SHA256 - dcc9c38e695ffd121e793c91ca611a4025a116321443297f710a47ce06afb36d -
• domain - jscclientagentdisa.me -
• FileHash-SHA256 - 92fe4f9a87c796e993820d1bda8040aced36e316de67c9c0c5fc71aadc41e0f8 -
• URL - http://clialjscnotjclientcli.me -
• FileHash-SHA256 - d6244c1177b679b3d67f6cec34fe0ae87fba21998d4f5024d8eeaf15ca242503 -
• URL - https://fat.uk-fags.top:443/nova/userlogin.php -
• FileHash-SHA256 - 4ff1ebea2096f318a2252ebe1726bcf3bbc295da9204b6c720b5bbf14de14bb2 -
• domain - useralcliclient.me -
• FileHash-SHA256 - 80ded7a1e98b524e7b4a123a741892a40b862d3f05d949ae88f401e94c4b1a6a -
• URL - http://rockron.com/~rockron/345gfc334/65g3f4.exe -
• URL - http://leelazarow.com/345gfc334/65g3f4.exe -
• FileHash-SHA256 - 93ecb6bd7c76e1b66f8c176418e73e274e2c705986d4ac9ede9d25db4091ab05 -
• domain - clientalalaxp.mn -
• FileHash-SHA256 - 51edba913e8b83d1388b1be975957e439015289d51d3d5774d501551f220df6f -
• FileHash-SHA256 - c9602e7c64ea66b4a90f9ad6ccabcbba4243dd04cbb87554a056e97239900258 -
• FileHash-SHA256 - 03626c8036299e08b705f193337d44934ee45ddc373a368c71e8ef073ec674e8 -
• URL - http://papousek.kvalitne.cz/656465/d5678h9.exe -
• URL - http://pmspotter.wz.cz/656465/d5678h9.exe -
• FileHash-SHA256 - 3fde1b2b50fcb36a695f1e6bc577cd930c2343066d98982cf982393e55bfce0d -
• FileHash-SHA256 - 6611a2b79a3acf0003b1197aa5bfe488a33db69b663c79c6c5b023e86818d38b -
• URL - http://www.profes-decin.kvalitne.cz/345gfc334/65g3f4.exe -
• FileHash-SHA256 - ae5daa6843232cf77e4e075aa7312e9df83a517111e857ee56dd553d6da3ca5c -
• FileHash-SHA256 - 7a29cb641b9ac33d1bb405d364bc6e9c7ce3e218a8ff295b75ca0922cf418290 -
• FileHash-SHA256 - 3956d32a870d81be34cafc867769b2a2f55a96360070f1cb3d9addc2918357d5 -
• YARA - 7432efb2d623c83d22c8a017907f460119c5f8d8 -
• FileHash-SHA256 - f7c1a6a0ed3b8acac3c9da8c7dc4b6861ab942ea69a5478a4228249d8a3a4416 -
• domain - clientalnothing.me -
• URL - http://85.93.5.21/vnc32.dll -
• FileHash-SHA256 - 0066d1c8053ff8b0c07418c7f8d20e5cd64007bb850944269f611febd0c1afe0 -
• FileHash-SHA256 - a8e2788f371decce59d5cf7f02b7cf187406ae277e370fea112b58a437a55577 -
• FileHash-SHA256 - 72e239924faebf8209f8e3d093f264f778a55efb56b619f26cea73b1c4feb7a4 -
• FileHash-SHA256 - a0b7fac69a4eb32953c16597da753b15060f6eba452d150109ff8aabc2c56123 -
• URL - https://freewebpj.com:443/news/userlogin.php -
• URL - http://ladiesfirst-privileges.com/656465/d5678h9.exe -
• URL - http://clientalnothing.me -
• FileHash-SHA256 - be8966a576167b2b151e0515fc46f7952d9a616754214550961bbf95fde420f7 -
• FileHash-SHA256 - 9f598aa8751d9a7b5a6afe1d6e1e930d92c2131bd2f7c1839ba94307934b1e91 -
• FileHash-SHA256 - a8b6e798116ce0b268e2c9afac61536b8722e86b958bd2ee95c6ecdec86130c9 -
• YARA - 5915862fdbaac989ed4c348270107c76356f5ef6 -
• FileHash-SHA256 - 457ad4a4d4e675fe09f63873ca3364434dc872dde7d9b64ce7db919eaff47485 -
• domain - agentclientclient.me -
• FileHash-SHA256 - 00c791c4a0a15aad0e09612c0d0c52ec1c512dbd305a75d0907fcbc55bc55029 -
• FileHash-SHA256 - 4881c7d89c2b5e934d4741a653fbdaf87cc5e7571b68c723504069d519d8a737 -
• URL - http://culinarysouthmountain.com/wp-admin/css/colors/midnight/07c1.jpg -
• domain - clialjscnotjclientcli.me -
• FileHash-SHA256 - 7f5fa44008064ca6cf59cf165770e4db8a7764bd14cf92586b8ecb65de756756 -
• FileHash-SHA256 - e30760f00946465475fd62d573052a7d7868212bdcf5d3b5f4a4cf636cf6230e -
• FileHash-SHA256 - 92f733da9ba440f0632b495a32742d47a5cb296f49127f210e14de412e371bf8 -
• URL - http://85.93.5.21/vnc64.dll -
• FileHash-SHA256 - 246ec2f4cdf0e18dc874644a09c369232ec70821a4b11a40dd7c133afb2ad70d -
• domain - allowclientaxpalagent.me -
• YARA - 489f782d67b91ec161bf38fc0333bf6a31976af9 -

類似Pulses

• Drixed / Dridex - Sophisticated Banking Malware (score: 0.81)
• 20160915 - Dridex Trojan (score: 0.79)
• Dridex is Back and Targeting the UK (score: 0.77)
• Dridex Banking Trojan (score: 0.77)
• Banking Trojan DRIDEX (score: 0.75)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る