Analysis

  • max time kernel
    50s
  • max time network
    54s
  • platform
    windows10-1703_x64
  • resource
    win10-20220718-en
  • resource tags

    arch:x64
    arch:x86
    image:win10-20220718-en
    locale:en-us
    os:windows10-1703-x64
    system
  • submitted
    02-08-2022 20:29

General

  • Target

    Avpobb1.dll

  • Size

    313KB

  • MD5

    55021cdec691820bcaf4d2dae6ace921

  • SHA1

    32d0f4043fd7374677ce6d7e883f8bf5f5022787

  • SHA256

    5973c98cb667d24911df5f31dc29da4ec85a18cf28bc0e9dc4cacdbf383ec7c3

  • SHA512

    5b322d36d304cedcf1bb87a34696969171f95fad5397c6306fb38950679bc950f7ff69e1273581d4d2ebdc099f7063bb42afa42fe7282c4a9751957f7a0045c9

Malware Config

Extracted

Family

icedid

Botnet

3524611504

C2

wronigrabs.com

nokainptisarda.com

Attributes
  • auth_var

    8

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Avpobb1.dll,#1
      PID:2092
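The extracted config above (C2 domains, url_path) and the rundll32 ordinal invocation recorded in the process tree can be turned directly into triage logic. The Python below is an added example written for this page; it is not part of the sandbox report or of any vendor tooling. The event dictionary format, the severity labels and all sample telemetry other than the report's own rundll32 command line are constructed assumptions for illustration.

```python
"""Added example: triage checks built from the IOCs in the sandbox report.

Not part of the report. The event format (dicts with a "type" key), the
severity labels and most of the sample telemetry are constructed for this
example; map the field names onto your own sources (Sysmon EventID 1 and 22,
proxy logs, and so on).
"""
import re
from typing import Optional

# --- IOCs copied from the report's Malware Config section -------------------
C2_DOMAINS = {"wronigrabs.com", "nokainptisarda.com"}
C2_URL_PATH = "/news/"  # url_path attribute of the extracted config

# --- Behavioural pattern from the report's process tree ---------------------
# "rundll32.exe <dll>,#<n>": an export called by ordinal rather than by name.
RUNDLL32_ORDINAL = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*#(?P<ordinal>\d+)',
    re.IGNORECASE,
)
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


def domain_is_c2(name: str) -> bool:
    """True for a listed C2 domain or any subdomain of one (case-insensitive)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def check_process(cmd: str) -> Optional[dict]:
    """Flag rundll32 calling a DLL export by ordinal.

    A DLL in a user's Temp directory matches the report exactly (high);
    an ordinal call on a DLL elsewhere is only suspicious (medium, assumed).
    """
    m = RUNDLL32_ORDINAL.search(cmd)
    if not m:
        return None
    dll = m.group("dll")
    severity = "high" if USER_TEMP.search(dll) else "medium"
    return {"rule": "rundll32_ordinal_export", "severity": severity,
            "dll": dll, "ordinal": int(m.group("ordinal"))}


def check_dns(query: str) -> Optional[dict]:
    if domain_is_c2(query):
        return {"rule": "icedid_c2_dns", "severity": "high", "query": query}
    return None


def check_http(host: str, path: str) -> Optional[dict]:
    # Beacon shape from the config: C2 host plus the configured url_path.
    if domain_is_c2(host) and path.startswith(C2_URL_PATH):
        return {"rule": "icedid_c2_beacon", "severity": "high",
                "host": host, "path": path}
    return None


def triage(events):
    """Run each event through the check for its type and collect alerts."""
    alerts = []
    for ev in events:
        if ev["type"] == "process":
            hit = check_process(ev["cmd"])
        elif ev["type"] == "dns":
            hit = check_dns(ev["query"])
        elif ev["type"] == "http":
            hit = check_http(ev["host"], ev["path"])
        else:
            hit = None
        if hit:
            alerts.append({**hit, "event": ev})
    return alerts


# Constructed sample telemetry. The first command line is the one recorded in
# the report (PID 2092); the remaining events are made up for comparison.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 2092,
     "cmd": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\Avpobb1.dll,#1"},
    {"type": "process", "pid": 4100,
     "cmd": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"type": "process", "pid": 4212,
     "cmd": r"rundll32.exe C:\ProgramData\update.dll,#2"},
    {"type": "dns", "query": "wronigrabs.com"},
    {"type": "dns", "query": "cdn.nokainptisarda.com"},
    {"type": "dns", "query": "www.microsoft.com"},
    {"type": "http", "host": "nokainptisarda.com", "path": "/news/?id=3524611504"},
    {"type": "http", "host": "nokainptisarda.com", "path": "/index.html"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert["severity"], alert["rule"], alert["event"])
```

On the constructed sample the report's own command line and the two C2 lookups are rated high, while the ordinal call on a DLL outside a user Temp directory is rated medium; the named-export shell32 call and the non-C2 lookups produce nothing. Ordinal invocation by itself is not proof of compromise, so the medium tier is meant for review, not blocking.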

    Network

    MITRE ATT&CK Matrix


    Downloads

    • memory/2092-117-0x0000000180000000-0x0000000180005000-memory.dmp
      Filesize

      20KB