
Entropy ransomware linked to Dridex malware downloader
2022-02-23 13:34

Analysis of the recently emerged Entropy ransomware reveals code-level similarities with the general-purpose Dridex malware, which started out as a banking trojan.

Two Entropy ransomware attacks against different organizations gave researchers enough material to establish a connection between the two pieces of malware.

In a report published today, Sophos principal researcher Andrew Brandt says that the closer inspection of the Entropy malware was prompted by a detection signature originally created to catch Dridex.

"The instructions that dictate how Entropy performs the first 'layer' of unpacking are similar enough to Dridex that the analyst who looked at the packer code, and in particular the portion that refers to an API called LdrLoadDLL - and that subroutine's behavior, described it as 'very much like a Dridex v4 loader,' and compared it to a similar loader used by a Dridex sample from 2018."

DoppelPaymer ransomware is attributed to the Evil Corp gang, which is also behind the distribution of Dridex, the banking trojan turned malware downloader, via phishing emails.

The second attack deployed the Dridex malware on a computer belonging to a regional government organization.


News URL

https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-dridex-malware-downloader/