IcedID

Detection Engineering Reverse Engineering Threat Hunting

Latrodectus [IceNova] – Technical Analysis of the… New IcedID… Its Continuation… Or its Replacement?

My first public malware research was for a strain of IcedID. A few months later, in my nighttime activities, I was working on technical analysis research for Sodinokibi (REvil), a Ransomware that is no longer seen, however, is part of the evolutionary history of the business model that we now know as RaaS. But, I […]

,

Latrodectus [IceNova] – Technical Analysis of the… New IcedID… Its Continuation… Or its Replacement? Read Post »

Detection Engineering Reverse Engineering Threat Hunting

IcedID – Technical Analysis of an IcedID Lightweight x64 DLL

My first public malware research was regarding an x32 PE stager (exe) from the IcedID family. In this research I analyzed three samples from different years, with the aim of identifying code reuse, and developing a Yara signature capable of detecting any IcedID sample, based on fixed code patterns persistent over the years. So you

,

IcedID – Technical Analysis of an IcedID Lightweight x64 DLL Read Post »

Detection Engineering Malware Analysis Reverse Engineering

IcedID – Technical Malware Analysis [Second Stage]

In this report I will technical analyze the new IcedID malware, go deep through reverse engineering, debugging and detection engineering. Introduction The IcedID is a banking malware design to steal financial information from your victims. The IcedID malware is also know by MITRE ATT&CK as S0483, and has been around since 2017. The IcedID has

,

IcedID – Technical Malware Analysis [Second Stage] Read Post »

Scroll to Top