General

Target: 1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72.bin
Size: 36KB
Sample: 220610-s2wlpshba8
Score: 10/10
MD5: 4f6d5d0ba1aa54880f1bcce5ed4858a4
SHA1: 06d7f2150ebe20a6c3a0e65a46459b5fe2e9ceb2
SHA256: 1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72
SHA512: fa78f6a16ded41d10bf5a09bfc849452b21e9f0b9d9fe29e9162811aae5912264bf117f30cf2dfd443fa073b925e999ba484ecb6f38b7d8a0f05d839ee40792f

Malware Config

Extracted
Family: netdooka
C2: http://93.115.21.45/gtaddress

Targets

Target: 1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72.bin
Filesize: 36KB
Score: 10/10
MD5: 4f6d5d0ba1aa54880f1bcce5ed4858a4
SHA1: 06d7f2150ebe20a6c3a0e65a46459b5fe2e9ceb2
SHA256: 1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72
SHA512: fa78f6a16ded41d10bf5a09bfc849452b21e9f0b9d9fe29e9162811aae5912264bf117f30cf2dfd443fa073b925e999ba484ecb6f38b7d8a0f05d839ee40792f

Signatures

  • NetDooka
    Description: NetDooka is a malware framework distributed via pay-per-install and written in C#.
  • Creates new service(s)
    TTPs: New Service
  • Executes dropped EXE
  • Stops running service(s)
    TTPs: Modify Existing Service, Service Stop
  • Checks for any installed AV software in registry
    TTPs: Security Software Discovery

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

  • static1 (Score: N/A)
  • behavioral1 (Score: 10/10)
  • behavioral2 (Score: 10/10)