General
Target

07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4.bin

Size

54KB

Sample

220610-s2wayahba7

Score

10/10

MD5

7d6fff4ae0c7ffd8d68486d2df914087

SHA1

dc65e3e4c4fb12691fa70f964081600adb18a2ae

SHA256

07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4

SHA512

a71ae0c58978c655141670d65649baab3c9e964936e7a9faa4a31ec95f838e691741dc9d230496de494d3ccd5b39b09482f6b317bff8d00c59ef61c322b6b8c4

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Targets
Target

07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4.bin

Signatures

  • NetDooka

    Description

    NetDooka is a malware framework written in C# and distributed through a pay-per-install (PPI) service.

  • Creates new service(s)

    TTPs

    New Service
  • Executes dropped EXE

  • Stops running service(s)

    TTPs

    Modify Existing Service
    Service Stop
  • Checks for any installed AV software in registry

    TTPs

    Security Software Discovery

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1

Score
N/A

behavioral1

Score
10/10

behavioral2

Score
10/10