# Dridex has big ambitions...

Dridex, Dridex. The bane of so many people's lives, mine included. It had been 'quiet', and I made a post in the hope it had gone away. It had not. It has returned with a couple of new botnet IDs: 144, and another, 1024, which I am still working on.

The sample includes a list of interesting targets.

The interesting entry is 'sgoldtrakpc', which leads to FPS GOLD:

FPS GOLD provides core processing and eBanking software for community banks across the United States. We offer the solution to all of your banking challenges—including ever-changing regulations and security threats. And the FPS GOLD solution is fully integrated, saving you time and money.
— http://www.fps-gold.com/about.aspx

The sample Matt posted and the one I was analysing both included a comprehensive list of commercial banking applications, along with an expanded list of enterprise applications. The list is here; see the comments for the full list.

Samples used in this analysis: here & here.

Incidentally, Dridex has historically been delivered by a macro-enabled document. Microsoft introduced a good mitigation in Office 2016 that blocks macros in documents downloaded from the Internet, which stops these documents from fetching the malicious payload, but it was exclusive to Office 2016. Thankfully, it has now been backported to Office 2013 via https://support.microsoft.com/en-us/kb/3115427. Please install this patch ASAP.
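As an added example (not from the original post, and not Microsoft's own tooling), the script below audits, and with -Apply enables, the per-user "Block macros from running in Office files from the Internet" policy for Office 2013 (15.0) and Office 2016 (16.0). The registry location and value name are taken from Microsoft's documentation for that setting; the Zone.Identifier check at the end is an extra caveat, since the policy only fires on files that carry the Mark-of-the-Web.

```powershell
# Added example: audit or enable the "block macros from the Internet" policy
# that KB3115427 backports to Office 2013. Assumed registry location (per
# Microsoft's documentation for the setting):
#   HKCU\Software\Policies\Microsoft\Office\<version>\<app>\Security
#   blockcontentexecutionfrominternet (REG_DWORD) = 1
# Run as the user being hardened (it is an HKCU policy). For a fleet, deploy
# the ADMX/GPO setting instead of writing the registry directly.

param(
    [switch]$Apply   # without -Apply the script only reports
)

$versions  = @('15.0', '16.0')                 # Office 2013, Office 2016
$apps      = @('Word', 'Excel', 'PowerPoint')  # apps that run VBA macros
$valueName = 'blockcontentexecutionfrominternet'

$results = foreach ($v in $versions) {
    foreach ($app in $apps) {
        $key     = "HKCU:\Software\Policies\Microsoft\Office\$v\$app\Security"
        $current = $null
        if (Test-Path $key) {
            $current = (Get-ItemProperty -Path $key -Name $valueName `
                        -ErrorAction SilentlyContinue).$valueName
        }
        if ($Apply -and $current -ne 1) {
            New-Item -Path $key -Force | Out-Null
            New-ItemProperty -Path $key -Name $valueName -PropertyType DWord `
                -Value 1 -Force | Out-Null
            $current = 1
        }
        [pscustomobject]@{
            Office  = $v
            App     = $app
            Blocked = ($current -eq 1)
        }
    }
}

$results | Format-Table -AutoSize

# Caveat check: the policy keys off the Mark-of-the-Web, i.e. the
# Zone.Identifier alternate data stream with ZoneId=3 (Internet zone).
# A document that reaches the user without that stream (e.g. extracted
# from an archive by a tool that drops it) is not covered by the policy.
function Test-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    $ads = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) { return $false }
    return [bool]($ads -match '^ZoneId=3$')
}

# Example usage against a suspect attachment (path is hypothetical):
# Test-MarkOfTheWeb -Path "$env:USERPROFILE\Downloads\invoice.doc"
```

Run it once without -Apply to see which Office/app combinations still allow Internet-sourced macros, then with -Apply to set the policy. Pair the registry change with Test-MarkOfTheWeb on the documents you are analysing: a sample that returns $false would have been opened with macros allowed even on a patched machine.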