2020-05-01 - XLS MACRO --> LOADER EXE --> ICEDID (BOKBOT)

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Screenshot of the XLS spreadsheet.

 


Shown above:  XLS macro retrieves Loader EXE.

 


Shown above:  Loader EXE retrieves initial IcedID EXE.

 


Shown above:  Pcap from an infection filtered in Wireshark.

 
