Overview

overview

10

Static

static

1

2039930_01029.js

windows7-x64

10

2039930_01029.js

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    27-08-2024 15:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2039930_01029.js

  • Size

    1.0MB

  • MD5

    d115552252592f589e7412d6650a949e

  • SHA1

    ad4c6cd7e85541866f5cd0fa747b7f08a5fe8067

  • SHA256

    3b55010b7f8f4e7ded435b29af5d00f98c06dd8f14258355d0049f186f4a6bbc

  • SHA512

    461aebb7a488102e3de0c9b807dbf8d04a41737d050dc4ca95bbf8283ee5176845adafee6bf81db83a73af2b67e66f45adaad6a145062ae035208cee71adfa71

  • SSDEEP

    1536:toTXaFN5VEYPznC2x1ZQu56WD/EYc9piGqvzlY84fEgZt32a2zO70tsE+TXURbtj:tS2uXtlk

Score
10/10
danabotbankerbotnetdiscoveryexecutiontrojan

Malware Config

Extracted

Family

danabot

C2

164.175.70.152

89.144.25.243

86.177.194.155

29.195.96.191

29.43.1.29

84.215.94.117

115.58.63.174

89.144.25.104

199.179.34.46

68.48.87.153
rsa_pubkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot x86 payload 1 IoCs

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    botnet
  • Blocklisted process makes network request 8 IoCs
  • Loads dropped DLL 5 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\2039930_01029.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Windows\System32\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -s C:\Users\Admin\AppData\Local\Temp\\ALNYajCWUsjV.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1028
      • C:\Windows\SysWOW64\regsvr32.exe
        -s C:\Users\Admin\AppData\Local\Temp\\ALNYajCWUsjV.dll
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2252
        • C:\Windows\SysWOW64\rundll32.exe
          C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\ALNYajCWUsjV.dll,f0
          4⤵
          • Blocklisted process makes network request
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ALNYajCWUsjV.dll
    Filesize

    284KB

    MD5

    82e719eae0182374cb433118d8d802d2

    SHA1

    626ba0208fcf1ef29bf8cfa0e6f70ded70aee885

    SHA256

    8e0dcdd85ab03fd0230f512158aaee86a29b6816c959bfd4ae6a91500f37e45c

    SHA512

    914370240040c3ee6bc328a8c93b8a00ab20af44ac98222626ecee907bfe18a1e856f6b4a07c75073a40abd4b2caac042b9f92b7f3f774700cbfb5998ba8e968

    Download Submit

  • memory/2252-3-0x00000000001D0000-0x0000000000225000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2252-4-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2936-9-0x00000000002D0000-0x0000000000325000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2936-10-0x0000000000600000-0x0000000000601000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2936-11-0x00000000002D0000-0x0000000000325000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2936-23-0x00000000002D0000-0x0000000000325000-memory.dmp

    Filesize

    340KB

    Download