icedid | 1938b54b768ab26cfd65aa00e9735c25eac7406a0ac7e2974bd02e88ee1ba9fc | Triage

Resubmissions

22-02-2022 16:12

220222-tnl1saahc8 10

06-01-2022 15:26

220106-svf8fabda6 10

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-en-20211208
submitted
22-02-2022 16:12

Sharing

Report Analysis Logs

General

Target

surge-.dll
Size

56KB
MD5

33dfe81be311fa8ef57484233cc41048
SHA1

2add3138807dce2a3d2cb840b100746e76188455
SHA256

537e72101559c3aac83c6618840241fbfbc93ee3fca306c52b4436a0558fc5e4
SHA512

b3029ff6e0480dea8efc043b1ce54c7d1461755d198a9fc83163b860515ff9f4f0d243c64dfec68d4ea5487395bfb79fe0ca80b68bcc099e40f64847eee8fe09

Score

10^/10

icedid 4103365356 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

4103365356

C2

upperdown.eu

upperdown.in

landofrayz.com

Attributes

auth_var
16
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\surge-.dll,#1
1⤵
PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-53-0x00000000002B0000-0x00000000002E7000-memory.dmp

Filesize
220KB

Download