IcedID Malware

IcedID, also known as BokBot, is a banking trojan that attackers use to steal victims' banking credentials. It mainly targets corporate bank accounts, mobile service providers and card-payment processors, as well as payroll, webmail, and e-commerce sites.

IcedID is primarily dropped as a secondary payload by other malware, such as Emotet. Once running, it hides inside a legitimate process through process hollowing, which also lets its outbound connection pass firewall rules that trust that process. The loader hooks the API functions "ntdll!ZwCreateUserProcess" and "ntdll!RtlExitUserProcess", spawns a service host process (svchost.exe) that the hooks intercept, and uses it to write itself into two dynamic link libraries, "KERNEL32.DLL" and "SHLWAPI.DLL", before removing the hooking code. It then writes the payload into the device's "%ProgramData%" or "%AppData%" folder.
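The behaviour above translates directly into two hunting rules. The following is an added example, not code from this page or from any IcedID analysis: it runs over a few hand-constructed Sysmon-style events (Event ID 1 = process create, Event ID 11 = file create) and flags a svchost.exe that was not started by services.exe or lacks the usual "-k <group>" argument (the host of a hollowed process), then correlates that process ID with any executable or DLL it writes under %ProgramData% or %AppData%. The event field names, PIDs and paths are assumptions for the example; the rule that legitimate svchost.exe always has services.exe as its parent and a -k argument is a stated assumption that you should validate against your own baseline before deploying.

```python
"""Hunting rules for the IcedID process-hollowing and payload-drop pattern.

Constructed example (not ManageEngine's or IcedID's own code): runs over a
handful of hand-written Sysmon-style events (Event ID 1 = process create,
Event ID 11 = file create) and flags the two behaviours the write-up
describes: a svchost.exe that was not started by services.exe (the host of a
hollowed process), and that svchost.exe dropping a binary under
%ProgramData% or %AppData%.
"""
import ntpath
import re

# Assumption: legitimate svchost.exe on Windows 10/11 is started by
# services.exe and carries a "-k <servicegroup>" argument. A svchost.exe
# launched by anything else, or without -k, is the hallmark of injection.
LEGIT_SVCHOST_PARENT = r"c:\windows\system32\services.exe"
DROP_DIRS = ("\\programdata\\", "\\appdata\\")
DROP_EXTS = (".dll", ".exe", ".dat")


def norm(path):
    """Lower-case and use backslashes so comparisons ignore case and separators."""
    return (path or "").replace("/", "\\").lower()


def suspicious_svchost(ev):
    """Return a reason string if a process-create event is an abnormal svchost.exe."""
    if ev.get("EventID") != 1:
        return None
    image = norm(ev.get("Image"))
    if ntpath.basename(image) != "svchost.exe":
        return None
    reasons = []
    if norm(ev.get("ParentImage")) != LEGIT_SVCHOST_PARENT:
        reasons.append("parent is %s, not services.exe" % ev.get("ParentImage"))
    if not re.search(r"(^|\s)-k\s+\S+", ev.get("CommandLine", "")):
        reasons.append("no -k service group on the command line")
    return "; ".join(reasons) or None


def suspicious_drop(ev, hollowed_pids):
    """Return a reason string if a hollowed svchost.exe writes a binary to a drop dir."""
    if ev.get("EventID") != 11 or ev.get("ProcessId") not in hollowed_pids:
        return None
    target = norm(ev.get("TargetFilename"))
    if any(d in target for d in DROP_DIRS) and target.endswith(DROP_EXTS):
        return "hollowed svchost.exe (pid %s) wrote %s" % (ev["ProcessId"], ev["TargetFilename"])
    return None


def analyze(events):
    """Correlate process-create and file-create events; return a list of findings."""
    findings, hollowed = [], set()
    for ev in events:  # events are assumed to be in chronological order
        reason = suspicious_svchost(ev)
        if reason:
            hollowed.add(ev["ProcessId"])
            findings.append({"rule": "hollowed_svchost", "pid": ev["ProcessId"], "reason": reason})
        reason = suspicious_drop(ev, hollowed)
        if reason:
            findings.append({"rule": "payload_drop", "pid": ev["ProcessId"], "reason": reason})
    return findings


# Constructed sample telemetry (PIDs, user names and file names are made up).
SAMPLE_EVENTS = [
    # benign: svchost started by services.exe with a service group
    {"EventID": 1, "ProcessId": 904, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": "C:\\Windows\\System32\\svchost.exe -k netsvcs -p"},
    # suspicious: svchost spawned by a user-land loader, no -k argument
    {"EventID": 1, "ProcessId": 5120, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "CommandLine": "C:\\Windows\\System32\\svchost.exe"},
    # suspicious: the hollowed svchost drops a DLL under %ProgramData%
    {"EventID": 11, "ProcessId": 5120,
     "TargetFilename": r"C:\ProgramData\Hkqwer\updater.dll"},
    # benign: the legitimate svchost writes a report under %ProgramData%
    {"EventID": 11, "ProcessId": 904,
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows\WER\report.txt"},
    # benign: the hollowed svchost writes outside the drop directories
    {"EventID": 11, "ProcessId": 5120,
     "TargetFilename": r"C:\Windows\Temp\scratch.tmp"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding["rule"], finding["pid"], finding["reason"])
```

Run as-is, the script reports two findings, both for PID 5120: the abnormal svchost.exe and the DLL it dropped under %ProgramData%. Correlating on the process ID is what keeps the second rule quiet for the legitimate svchost.exe writing to %ProgramData%, which it does routinely. In production, feed the same logic from your SIEM's Sysmon or EDR process and file events, and extend the parent-process allow list only after checking the baseline on your own fleet.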

This video explains how the IcedID banking trojan executes and how to stay ahead of it. Watch the video to learn more; it takes only three minutes.

© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.