IcedID Malware

IcedID, aka BokBot, is a banking trojan-type malware that can be used by attackers to steal banking credentials of users. IcedID mainly targets corporate bank accounts, providers of mobile service and card payment, as well as payroll, webmail, and e-commerce sites.

The IcedID malware is primarily dropped as a secondary payload from other malware, such as Emotet. After gaining initial access, IcedID bypasses the security of a firewall and establishes a connection through process-hollowing. IcedID seizes several API functions like “ntdll!ZwCreateUserProcess” and “ntdll!RtlExitUserProcess”. After execution, it removes the hooking code and creates a service host process, svchost.exe, which aids in writing itself into two dynamic link libraries: “KERNEL32.DLL” and “SHLWAPI.DLL". After this, it writes the payload into the device's “%ProgramData%” or “%AppData%” folder.

This video talks about the IcedID banking trojan, how it is executed, and ways to stay ahead of it. Watch the video to learn more—three minutes is all it takes!


Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.