Security researchers at eSentire tracked a new campaign spreading a variant of the Dridex banking Trojan that shows polymorphism. Malware researcher Brad Duncan first observed a new variant on June 17 that leverages an application whitelisting technique to bypass mitigation via disabling or blocking of Windows Script Host. The malware was using 64-bit DLLs with file names loaded by legitimate Windows system executables. At the time of discovery, using data from VirusTotal, only six antivirus solutions of about 60 detected suspicious behavior.
Source: https://securityaffairs.co/wordpress/87828/malware/dridex-banking-trojan-polymorphism.html

