It asks the recipient to open a link to revise an agreement. The link leads to a website that imitates the homepage of the victim's organization, where the user only has to enter the password.
Malware Hunter JAMESWT Technical Analysis
New IcedID campaign in Italy via malspam. The password-protected zip attachment (the password is provided in the message text) contains an RTF file, from which the DLL is extracted directly, starting the malware infection.
"Re: Re::Desidero ardentemente che ti goda una giornata indimenticabile" is the subject of an e-mail that delivers a new IcedID campaign in Italy.
The password-protected zip attachment (the password is provided in the message text) contains an RTF file, from which the DLL is extracted directly, starting the malware infection. In this case no URL is contacted.
IcedID (aka BokBot) is a modular banking trojan used by cybercriminals to steal information and credentials for current accounts, e-commerce sites and providers, as well as financial data.
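A triage check for the RTF stage described above, as an added example that is not part of the original analysis: it decodes the hex in each `\objdata` group and reports embedded PE images that have the DLL flag set. It assumes the DLL is carried as a plain, unobfuscated `\objdata` hex stream, which the page does not specify; the function names and the sample document are constructed.

```python
import re

# Hex payload of an RTF \objdata group; whitespace may split the hex run.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit set for DLLs

def embedded_objects(rtf: bytes):
    # Yield the decoded bytes of every objdata hex blob in the document.
    for m in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        hexstr = hexstr[: len(hexstr) & ~1]  # drop a dangling nibble
        yield bytes.fromhex(hexstr.decode("ascii"))

def find_pe(blob: bytes):
    # Return (offset, is_dll) for the first MZ header whose e_lfanew
    # points at a PE signature, or None if there is none.
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            pe = pos + int.from_bytes(blob[pos + 0x3C:pos + 0x40], "little")
            if blob[pe:pe + 4] == b"PE\0\0" and pe + 24 <= len(blob):
                flags = int.from_bytes(blob[pe + 22:pe + 24], "little")
                return pos, bool(flags & IMAGE_FILE_DLL)
        pos = blob.find(b"MZ", pos + 1)
    return None

def scan_rtf(rtf: bytes):
    # List (object_index, pe_offset, is_dll) for each object holding a PE.
    hits = []
    for idx, blob in enumerate(embedded_objects(rtf)):
        found = find_pe(blob)
        if found:
            hits.append((idx, *found))
    return hits

def sample_rtf() -> bytes:
    # Constructed sample: 4 filler bytes + a minimal fake PE header (no code).
    coff = (0x8664).to_bytes(2, "little") + bytes(16) + (0x2002).to_bytes(2, "little")
    pe = b"MZ" + bytes(0x3A) + (0x40).to_bytes(4, "little") + b"PE\0\0" + coff
    hexed = (b"\x01\x05\x00\x00" + pe).hex().encode()
    lines = [hexed[i:i + 32] for i in range(0, len(hexed), 32)]
    return b"{\\rtf1{\\object\\objemb{\\*\\objdata " + b"\n".join(lines) + b"}}}"

if __name__ == "__main__":
    print(scan_rtf(sample_rtf()))  # [(0, 4, True)]
```

An empty result only means no plain-hex PE was found; RTF documents that split or obfuscate the hex stream need a full RTF parser.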