IcedID, also known as BokBot, is a modular banking trojan that targets user financial information and is capable of acting as a dropper for other malware. It uses a man-in-the-browser attack to steal financial information, including login credentials for online banking sessions.
Credits: Research by ExecuteMalware
Indicators of Compromise
THREAT IDENTIFICATION: ICEDID
SUBJECTS OBSERVED
Re: Reset Password
SENDERS OBSERVED
ovonrueden@colegiomexicanocoloproctologia [.]org
MALDOC FILE HASHES
catalogue (39) [.]zip
02c59abccae9111eecb8d4b07320a1f2
document-1992284186 [.]xlsm
7f466e4a9bd2dccb435221e80a098b26
PAYLOAD DOWNLOAD URLS
http://rcwj22jxyvt03swnlt [.]xyz/grays [.]gif
grays [.]gif
22f52089fd030b5f2c096631a61d5e01
Despite the .gif name, this payload is a 64-bit DLL file
ICEDID C2s
http://lightopridum2 [.]website
SUPPORTING EVIDENCE
https://app [.]any [.]run/tasks/3e106ce4-b362-4b6d-97b4-ed417e2d30b4/
https://tria [.]ge/210322-gm2a3h9emn
https://www [.]virustotal [.]com/gui/file/7b0290fdb87e425a869defb681c5fbbed330a000c0cdb6e8c9c52b0e8b1b5492/detection