IceXLoader is commercial malware used to download and deploy additional malware on infected machines. The latest version is written in Nim, a relatively new language that threat actors have used over the past two years, most notably in the NimzaLoader variant of BazarLoader used by the TrickBot group.
The developers provided a video to demonstrate configuring the IceXLoader builder with a Server URL containing the familiar Command & Control (C2) URL pattern “icex/Script.php” seen in our samples.