General

Target: 5c14a72a6b73b422cafc2596c13897937013fd335eca4299e63d01adee727d54.bin
Size: 47KB
Sample: 220610-s2wxgahba9
Score: 10/10
MD5: 0d225faf96ee8d83cb69fbfcceba98bc
SHA1: a7b3c081b405cccfd55b8e64a6922fbc69bd733c
SHA256: 5c14a72a6b73b422cafc2596c13897937013fd335eca4299e63d01adee727d54
SHA512: dbc0501e031e711a756519dd4dbe83fc18ecc2f25fed205ef5d9fdc7b9e54e5dd6995250bcfa494e26e8f12a497842987af490f82d787033931306aec07edfd9

Malware Config

Extracted
Family: netdooka
C2: http://93.115.21.45/gtaddress

Targets
Tags

Signatures

  • NetDooka
    Description: NetDooka is a malware framework written in C# and distributed through a pay-per-install service.
  • Creates new service(s)
    TTPs: New Service
  • Drops file in Drivers directory
  • Executes dropped EXE
  • Deletes itself
  • Checks for any installed AV software in registry
    TTPs: Security Software Discovery
  • Drops file in System32 directory

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1: Score N/A
behavioral1: Score 10/10
behavioral2: Score 1/10