netdooka | 07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4 | Triage

Sharing

General

Target

07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4.bin
Size

54KB
Sample

220610-s2wayahba7
MD5

7d6fff4ae0c7ffd8d68486d2df914087
SHA1

dc65e3e4c4fb12691fa70f964081600adb18a2ae
SHA256

07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4
SHA512

a71ae0c58978c655141670d65649baab3c9e964936e7a9faa4a31ec95f838e691741dc9d230496de494d3ccd5b39b09482f6b317bff8d00c59ef61c322b6b8c4

Score

10^/10

netdooka evasion loader persistence rat

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Targets

- Target
  
  07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4.bin
- Size
  
  54KB
- MD5
  
  7d6fff4ae0c7ffd8d68486d2df914087
- SHA1
  
  dc65e3e4c4fb12691fa70f964081600adb18a2ae
- SHA256
  
  07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4
- SHA512
  
  a71ae0c58978c655141670d65649baab3c9e964936e7a9faa4a31ec95f838e691741dc9d230496de494d3ccd5b39b09482f6b317bff8d00c59ef61c322b6b8c4
Score

10^/10

netdooka evasion loader persistence rat
- NetDooka
  NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
  loader rat netdooka
- Creates new service(s)
  persistence
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Security Software Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

netdookaevasionloaderpersistencerat

behavioral2

netdookaloaderrat