
Cybercrime: “New Invoice (s) for C394381487 are Available to be Viewed” delivers IcedID

Technical analysis by the Malware Hunter JAMESWT

“New Invoice (s) for C394381487 are Available to be Viewed” delivers IcedID. The XLS attachment downloads and runs a DLL, starting the malware infection.

“New Invoice (s) for C394381487 are Available to be Viewed” is the subject of a malspam message used to deliver IcedID.

The XLS attachment downloads and runs a DLL, which starts the malware infection. The payload is identical to the one seen over the past few days in messages that used the Agenzia delle Entrate as bait. IcedID (aka BokBot) is a modular banking trojan used by cybercriminals to steal financial data as well as information and credentials for current accounts, e-commerce sites and providers.
