netdooka | 1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72 | Triage

Sharing

General

Target

1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72.bin
Size

36KB
Sample

220610-s2wlpshba8
MD5

4f6d5d0ba1aa54880f1bcce5ed4858a4
SHA1

06d7f2150ebe20a6c3a0e65a46459b5fe2e9ceb2
SHA256

1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72
SHA512

fa78f6a16ded41d10bf5a09bfc849452b21e9f0b9d9fe29e9162811aae5912264bf117f30cf2dfd443fa073b925e999ba484ecb6f38b7d8a0f05d839ee40792f

Score

10^/10

netdooka evasion loader persistence rat

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Targets

- Target
  
  1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72.bin
- Size
  
  36KB
- MD5
  
  4f6d5d0ba1aa54880f1bcce5ed4858a4
- SHA1
  
  06d7f2150ebe20a6c3a0e65a46459b5fe2e9ceb2
- SHA256
  
  1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72
- SHA512
  
  fa78f6a16ded41d10bf5a09bfc849452b21e9f0b9d9fe29e9162811aae5912264bf117f30cf2dfd443fa073b925e999ba484ecb6f38b7d8a0f05d839ee40792f
Score

10^/10

netdooka evasion loader persistence rat
- NetDooka
  NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
  loader rat netdooka
- Creates new service(s)
  persistence
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Security Software Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

netdookaevasionloaderpersistencerat

behavioral2

netdookaloaderrat