netdooka | 1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72 | Triage

Analysis

max time kernel
90s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
10-06-2022 15:37

Sharing

Report Analysis Logs

General

Target

1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72.exe
Size

36KB
MD5

4f6d5d0ba1aa54880f1bcce5ed4858a4
SHA1

06d7f2150ebe20a6c3a0e65a46459b5fe2e9ceb2
SHA256

1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72
SHA512

fa78f6a16ded41d10bf5a09bfc849452b21e9f0b9d9fe29e9162811aae5912264bf117f30cf2dfd443fa073b925e999ba484ecb6f38b7d8a0f05d839ee40792f

Score

10^/10

netdooka loader rat

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Signatures

NetDooka
NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
loader rat netdooka

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
380	1640	WerFault.exe	78

C:\Users\Admin\AppData\Local\Temp\1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72.exe
"C:\Users\Admin\AppData\Local\Temp\1cc21e3bbfc910ff2ceb8e63641582bdcca3e479029aa425c55aa346830c6c72.exe"
1⤵
PID:1640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 824
  2⤵
  - Program crash
  PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1640 -ip 1640
1⤵
PID:4872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-130-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/1640-131-0x00000000058D0000-0x00000000058F2000-memory.dmp

Filesize
136KB

Download