A Deep Dive Into IcedID Malware: Part II – Analysis of the Core IcedID Payload (Parent Process)

In part I of the blog, I demonstrated how to unpack the IcedID malware and the hooking and process injection techniques it uses, as well as how to execute the IcedID payload. In this part, let's take a closer look at the core payload.

0x01 Overview Of The Payload

The following is

Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware

To survive, macro downloaders have to constantly develop new techniques for evading sandbox environments and anti-virus applications. Recently, Fortinet spotted a malicious document macro designed to bypass Microsoft Windows' UAC security and execute Fareit, an information-stealing malware, with high system privilege.

SPAM

This malicious document is distributed by a