netdooka | 5c14a72a6b73b422cafc2596c13897937013fd335eca4299e63d01adee727d54 | Triage

Submit
Reports

Overview

overview

Static

static

5c14a72a6b...54.exe

windows7_x64

5c14a72a6b...54.exe

windows10-2004_x64

1

Sharing

General

Target

5c14a72a6b73b422cafc2596c13897937013fd335eca4299e63d01adee727d54.bin
Size

47KB
Sample

220610-s2wxgahba9
MD5

0d225faf96ee8d83cb69fbfcceba98bc
SHA1

a7b3c081b405cccfd55b8e64a6922fbc69bd733c
SHA256

5c14a72a6b73b422cafc2596c13897937013fd335eca4299e63d01adee727d54
SHA512

dbc0501e031e711a756519dd4dbe83fc18ecc2f25fed205ef5d9fdc7b9e54e5dd6995250bcfa494e26e8f12a497842987af490f82d787033931306aec07edfd9

Score

10^/10

netdooka loader persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

5c14a72a6b73b422cafc2596c13897937013fd335eca4299e63d01adee727d54.exe

Resource

win7-20220414-en

netdooka loader persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5c14a72a6b73b422cafc2596c13897937013fd335eca4299e63d01adee727d54.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Targets

- Target
  
  5c14a72a6b73b422cafc2596c13897937013fd335eca4299e63d01adee727d54.bin
- Size
  
  47KB
- MD5
  
  0d225faf96ee8d83cb69fbfcceba98bc
- SHA1
  
  a7b3c081b405cccfd55b8e64a6922fbc69bd733c
- SHA256
  
  5c14a72a6b73b422cafc2596c13897937013fd335eca4299e63d01adee727d54
- SHA512
  
  dbc0501e031e711a756519dd4dbe83fc18ecc2f25fed205ef5d9fdc7b9e54e5dd6995250bcfa494e26e8f12a497842987af490f82d787033931306aec07edfd9
Score

10^/10

netdooka loader persistence rat
- NetDooka
  NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
  loader rat netdooka
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Checks for any installed AV software in registry
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

New Service

Scheduled Task

Privilege Escalation

New Service

Scheduled Task

Defense Evasion

Credential Access

Discovery

Security Software Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netdookaloaderpersistencerat

behavioral2

© 2018-2024

Terms | Privacy