
Cybercrime, new IcedID campaign via email zip attachments

Technical analysis by the Malware Hunter JAMESWT

Cybercrime, new IcedID campaign via email zip attachments. Each archive contains a different xlsm file that contacts a URL from an internal list of 6 and downloads the DLL that starts the malware infection.

A new IcedID campaign uses email zip attachments as its delivery vehicle.

Each archive contains a different xlsm file which, when opened, contacts a URL from an internal list of six and downloads the DLL that triggers the malware infection. IcedID (aka BokBot) is a modular banking trojan used by cybercriminals to steal information and credentials from current accounts, e-commerce sites, providers and financial data.
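A static triage of the delivery chain described above (zip attachment, xlsm inside it, embedded URL list), as an added example that is not part of the original analysis. It assumes the URLs are stored as plain text in the workbook parts, which the page does not state; the function names and the sample attachment are constructed for illustration.

```python
import io
import re
import zipfile

URL_RE = re.compile(rb"https?://[^\s\"'<>]+")
# Namespace hosts present in every OOXML file; they are not indicators.
SCHEMA_HOSTS = (b"schemas.openxmlformats.org", b"schemas.microsoft.com", b"purl.org", b"www.w3.org")
# Parts that hold VBA or Excel 4.0 macro code in a workbook.
MACRO_PARTS = ("xl/vbaProject.bin", "xl/macrosheets/")


def triage_workbook(data: bytes) -> dict:
    """Statically inspect one .xlsm (itself a zip); it is never opened in Excel."""
    urls = set()
    with zipfile.ZipFile(io.BytesIO(data)) as wb:
        macro_parts = [n for n in wb.namelist() if n.startswith(MACRO_PARTS)]
        for name in wb.namelist():
            for url in URL_RE.findall(wb.read(name)):
                if not any(host in url for host in SCHEMA_HOSTS):
                    urls.add(url.decode("ascii", "replace"))
    return {"macro_parts": macro_parts, "urls": sorted(urls)}


def triage_attachment(zip_bytes: bytes) -> dict:
    """Map each .xlsm inside a zip attachment to its triage result."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for name in outer.namelist():
            if name.lower().endswith(".xlsm"):
                try:
                    report[name] = triage_workbook(outer.read(name))
                except zipfile.BadZipFile:
                    report[name] = {"error": "not a valid OOXML container"}
    return report


def build_sample() -> bytes:  # constructed, harmless sample attachment
    strings = "".join(f"<si><t>http://host{i}.example.test/a.dll</t></si>" for i in range(6))
    sst = f'<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">{strings}</sst>'
    wb, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(wb, "w") as z:
        z.writestr("xl/vbaProject.bin", b"placeholder")
        z.writestr("xl/sharedStrings.xml", sst)
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.xlsm", wb.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(triage_attachment(build_sample()))
```

URLs that are obfuscated or built at run time inside macro code will not match this regex, so an empty URL list on a workbook with macro parts still warrants sandbox analysis.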

DLL URLs and C2s

XLSMs

URLs
