netdooka | 8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e | Triage

Sharing

General

Target

8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e.bin
Size

36KB
Sample

220610-s2x5jacfgq
MD5

a00a73cdc75178a115112a584c5a4dbf
SHA1

0a862f5f6b8dd211e966e74a3de3e4f1224bae6d
SHA256

8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e
SHA512

91e30c84c03e46a9c232b7d628d280b841c5391be7e871b8b1b117422e41dd732a23ec8fe71126e1a38ac69ee1b7f190c666f637cf5cae358cac374c6d114cff

Score

10^/10

netdooka evasion loader persistence rat

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Targets

- Target
  
  8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e.bin
- Size
  
  36KB
- MD5
  
  a00a73cdc75178a115112a584c5a4dbf
- SHA1
  
  0a862f5f6b8dd211e966e74a3de3e4f1224bae6d
- SHA256
  
  8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e
- SHA512
  
  91e30c84c03e46a9c232b7d628d280b841c5391be7e871b8b1b117422e41dd732a23ec8fe71126e1a38ac69ee1b7f190c666f637cf5cae358cac374c6d114cff
Score

10^/10

netdooka evasion loader persistence rat
- NetDooka
  NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
  loader rat netdooka
- Creates new service(s)
  persistence
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

New Service

Privilege Escalation

New Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Remote System Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

netdookaevasionloaderpersistencerat

behavioral2