{
	"id": "bb0302d6-d215-4b1f-8d1e-2f752e4c8067",
	"created_at": "2026-04-06T00:10:27.78094Z",
	"updated_at": "2026-04-10T13:12:10.738663Z",
	"deleted_at": null,
	"sha1_hash": "a4d30633ac85c9fa9a3d42361a7681ee35610835",
	"title": "Threat updates: A new IcedID GZipLoader variant | Threatray",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 746103,
	"plain_text": "Threat updates: A new IcedID GZipLoader variant | Threatray\r\nArchived: 2026-04-02 12:00:22 UTC\r\nSummary\r\nIcedId is a modular banking Trojan discovered in 2017. It is one of the most prevalent malware families in recent\r\nyears, targeting financial information and acting as a dropper for other malware families, such as Vatet, Egregor,\r\nREvil.\r\nGZipLoader is the loader component of the IcedID infection chain. Its purpose is to download and execute the\r\nfinal encrypted payload from the control panel. The encrypted payload mimics a GZIP file, which is why it is\r\ncalled GZipLoader.\r\nWhile monitoring our incoming malware feeds, we have detected a new version of the IcedID GzipLoader\r\ncomponent which is distributed since the beginning of February.  This version introduces new anti-analysis\r\ntechniques, whereas it is functionally equivalent to previous versions, except for the removal of the SSL-pinning\r\nfeature. The anti-analysis techniques that have been introduced are the dynamic resolution of Windows API\r\nfunctions and string encryption.\r\nDiscovery and timeline\r\nThe new loader version came to our attention while monitoring our incoming malware feeds. Threatray classifies\r\nmalware families using search algorithms that are based on code reuse analysis. We have seen (see image below)\r\nthat the confidence of our classification algorithms for IcedID has dropped from high confidence (“red”) to\r\nmedium confidence (“orange”). 
This was the trigger for further investigations.\r\nLooking for samples contacting a known IcedID URL.\r\nhttps://threatray.com/blog/a-new-icedid-gziploader-variant/\r\nPage 1 of 10\n\nIcedID detection based on code reuse.\r\nLooking for instance at the analysis of the sample\r\ne1e9e84e84a24abaa8658d871515d32e21ed51f1c54812315155f4c88bbc8722eecbfbd we see that the virtual\r\nmemory region 0x4b0000 of the regsvr32 process contains 9 functions that are related to IcedID GZipLoader\r\ncomponent.\r\nRetrohunting for similar GZipLoader samples.\r\nUsing our retrohunting capabilities, we have searched through our platform for samples that contain a similar\r\nloader (see image below).\r\nThe earliest sample in our feeds with this new loader is from February 9th, 2022.\r\nDetailed analysis\r\nThe new version of the loader resolves imports dynamically, whereas the old version does not:\r\nhttps://threatray.com/blog/a-new-icedid-gziploader-variant/\r\nPage 2 of 10\n\nThe second functionality that has been added to the new loader is string encryption:\r\nStrings are hidden using a technique commonly known as stacked strings, which is combined with simple XOR\r\nencryption.\r\nThe following code is in charge of decrypting the strings using XOR operations:\r\nhttps://threatray.com/blog/a-new-icedid-gziploader-variant/\r\nPage 3 of 10\n\nA Python version of the decryption function for POST requests is as follows:\r\nThe same string decryption method is used throughout the binary.\r\nThe string encryption code is in-lined (as opposed to take place in a dedicated function). This new code changes\r\nthe control flow graph of all functions which are referencing strings. This could break some detections rules based\r\non patterns recognition such as YARA rules. 
We thus recommend to double-check your detections rules for\r\nIcedID.\r\nhttps://threatray.com/blog/a-new-icedid-gziploader-variant/\r\nPage 4 of 10\n\nRetired features\r\nWe have also realized that in this new version, the SSL-pinning feature has been removed. For more details about\r\nthis feature, we highly recommend reading the report from Group-IB on the old version (https://blog.group-ib.com/icedid). To summarize, IcedID sets a callback when it sends data to a legit server (mostly to\r\naws.amazon.com) and it verifies the checksum of the public key from the server’s certificate.\r\nAs you can see in the image below, in the old variant when the set_bot_information() function is called, the result\r\nof SSL_pinning_feature() is passed as argument. However, in this new variant (since the feature has been\r\nremoved) the value passed to set_bot_information() is hardcoded to 1.\r\nSearching in our telemetry for IcedID samples , we see that the most prevalent URL among all IcedID samples\r\nwas aws.amazon.com, due to the SLL pinning feature.\r\nHowever, if we limit the search scope to the last 2 weeks, we can confirm that the aws.amazon.com URL is no\r\nlonger used.\r\nAnother less important change that occurs in this version is that the function responsible of decrypting the\r\ncommand and control has disappeared. 
In this new version the code of this function is inlined in the main function.\r\nIoCs\r\nAbout Threatray\r\nThreatray is a novel malware analysis and intelligence platform. We support all key malware defense use cases, including identification/detection, hunting, response, and analysis. Threatray helps security teams of all skill levels to effectively identify and analyze ongoing and past compromises.\r\nAt the core of Threatray are highly scalable code similarity search algorithms that find code reuse between a new sample and millions of known samples in seconds. Our core search algorithms do not make use of traditional byte pattern matches and are thus highly resilient to code mutations.\r\nOur user-facing features are based on the core search technology. They include best-of-class threat family identification and detection, easy-to-use real-time retro-hunting and retro-detection, cluster analysis to quickly find relevant IOCs, and low-level multi-binary analysis capabilities. Some of our binary analysis capabilities have been used for the research presented in this report.\r\nContact us at https://threatray.com/contact-us or https://twitter.com/threatray\r\nSource: https://threatray.com/blog/a-new-icedid-gziploader-variant/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://threatray.com/blog/a-new-icedid-gziploader-variant/"
	],
	"report_names": [
		"a-new-icedid-gziploader-variant"
	],
	"threat_actors": [],
	"ts_created_at": 1775434227,
	"ts_updated_at": 1775826730,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a4d30633ac85c9fa9a3d42361a7681ee35610835.pdf",
		"text": "https://archive.orkl.eu/a4d30633ac85c9fa9a3d42361a7681ee35610835.txt",
		"img": "https://archive.orkl.eu/a4d30633ac85c9fa9a3d42361a7681ee35610835.jpg"
	}
}