Rewterz Threat Alert – IcedID banking Trojan

Rewterz Threat Advisory – ICS: mySCADA myDESIGNER

November 10, 2021

Rewterz Threat Advisory – CVE-2021-42727 – Adobe RoboHelp Server Directory Traversal

November 11, 2021

Rewterz Threat Alert – IcedID banking Trojan – Active IOCs

Severity

High

Analysis Summary

IcedID banking trojan first appeared in the threat landscape in 2017, it has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Researchers first analyzed it noticed that the threat does not borrow code from other banking malware, but it implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. The attachment comes in the form of password-protected zip attachment asking user to enable macros which leads to installer dll and execution of IceID.exe

Impact

Stealing Financial Information
Exposure of Sensitive Data

Indicators of Compromise

MD5

073afba961621635a503024c19f14579
df90b2e12b0377db82d6a1cdcf3b8ad8
ff5f9201e8bca81a126ea15a536e5eed

SHA-256

f4d185f32721b1c2da2dfdf291154a0c3927fea3e267a4f88f99a49d36ef149a
f071bb54ef89464b10aec76d59532d8eb0087b32508a584fbf7a9e3f78cff9d0
efa0c9fc855126fffc9e80bf8de21fa10ab736e14d1956d025b450969a38450c

SHA-1

6d0ae234e260e1075f50eed96743d3b65271331f
84c9316a004ec33e5a049583091c1ec1c31b76fb
9c009acb34a16c0a185df24d362da1b690003978

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.