IcedID Modular Malware Delivered By The Emotet Trojan

IcedID is a new modular malware that is delivered by the Emotet trojan to target financial and telecommunications organisations. It can also propagate over networks and infect terminal servers. First appearing in September 2017, IcedID does not recycle code from other malware but already has comparable features to more prominent trojans. This indicates its creators are highly experienced and are likely to add new features to the malware in the future.

It is deployed using the Emotet trojan as a dropper and requires a reboot to complete installation. Once installed, it sets up a local proxy to collect information before sending it to four command and control (C2) servers over secure sockets layer (SSL). IcedID can also launch redirection attacks using a sophisticated scheme, which includes presenting the bank’s correct URL and SSL certificate, to collect users’ banking details.

A schematic view of IcedID’s infection and communication infrastructure is shown below:

[Figure 3: schematic view of IcedID’s infection and communication infrastructure (image source not recoverable from the page)]

Duncan Newell

Duncan is a technology professional with over 20 years’ experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
