Dridex, Dridex. The bane of so many people's lives. Mine included. It has been 'quiet'; I made a post in the hope it had gone away. It had not. It has returned with a couple of new botnet IDs, 144 and another, 1024, which I am still working on.
Includes a list of interesting targets.
The interesting part is the 'sgoldtrakpc' part, which leads to this conclusion:
The sample Matt posted and the one I was analysing included a comprehensive list of commercial banking applications, and also an improved list of enterprise applications. The list is here; see the comments for the full list.
Incidentally, Dridex has historically been delivered by a macro-enabled document. Microsoft recently backported a good solution to blocking these from downloading malicious payloads using this - https://support.microsoft.com/en-us/kb/3115427 - but it was exclusive to Office 2016. Thankfully, it's now in Office 2013! Please install this patch ASAP.