netdooka | 07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4 | Triage

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
10-06-2022 15:37

Sharing

Report Analysis Logs

General

Target

07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4.exe
Size

54KB
MD5

7d6fff4ae0c7ffd8d68486d2df914087
SHA1

dc65e3e4c4fb12691fa70f964081600adb18a2ae
SHA256

07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4
SHA512

a71ae0c58978c655141670d65649baab3c9e964936e7a9faa4a31ec95f838e691741dc9d230496de494d3ccd5b39b09482f6b317bff8d00c59ef61c322b6b8c4

Score

10^/10

netdooka loader rat

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Signatures

NetDooka
NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
loader rat netdooka
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3816 1944 WerFault.exe 07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4.exe

C:\Users\Admin\AppData\Local\Temp\07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4.exe
"C:\Users\Admin\AppData\Local\Temp\07aec94afba94eb3b35ba5b2e74b37553c3c0fed4f6de1fbac61c20dae3f29d4.exe"
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 824
2⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1944 -ip 1944
1⤵
PID:3124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-130-0x0000000000360000-0x0000000000370000-memory.dmp

Filesize
64KB

Download
memory/1944-131-0x0000000004C50000-0x0000000004C72000-memory.dmp

Filesize
136KB

Download