General

Target: 8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e.bin
Size: 36KB
Sample: 220610-s2x5jacfgq
Score: 10/10
MD5: a00a73cdc75178a115112a584c5a4dbf
SHA1: 0a862f5f6b8dd211e966e74a3de3e4f1224bae6d
SHA256: 8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e
SHA512: 91e30c84c03e46a9c232b7d628d280b841c5391be7e871b8b1b117422e41dd732a23ec8fe71126e1a38ac69ee1b7f190c666f637cf5cae358cac374c6d114cff

Malware Config

Extracted
Family: netdooka
C2: http://93.115.21.45/gtaddress

Targets

Target: 8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e.bin
Signatures

  • NetDooka
    Description: NetDooka is a malware framework, written in C#, that is distributed through a pay-per-install (PPI) service.
  • Creates new service(s)
    TTPs: New Service
  • Executes dropped EXE
  • Stops running service(s)
    TTPs: Modify Existing Service, Service Stop
  • Checks for any installed AV software in registry
    TTPs: Security Software Discovery
Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

  • static1: Score N/A
  • behavioral1: Score 10/10
  • behavioral2: Score 1/10