My first public malware research was for a strain of IcedID. A few months later, in my nighttime activities, I was working on technical analysis research for Sodinokibi (REvil), a Ransomware that is no longer seen, however, is part of the evolutionary history of the business model that we now know as RaaS. But, I […]
My first public malware research was regarding an x32 PE stager (exe) from the IcedID family. In this research I analyzed three samples from different years, with the aim of identifying code reuse, and developing a Yara signature capable of detecting any IcedID sample, based on fixed code patterns persistent over the years. So you
IcedID – Technical Analysis of an IcedID Lightweight x64 DLL Read Post »
In this report I will technical analyze the new IcedID malware, go deep through reverse engineering, debugging and detection engineering. Introduction The IcedID is a banking malware design to steal financial information from your victims. The IcedID malware is also know by MITRE ATT&CK as S0483, and has been around since 2017. The IcedID has
IcedID – Technical Malware Analysis [Second Stage] Read Post »