Malware sandboxing report by Hatching Triage

Target

8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e.bin

Size

36KB

Sample

220610-s2x5jacfgq

Score

10^/10

MD5

a00a73cdc75178a115112a584c5a4dbf

SHA1

0a862f5f6b8dd211e966e74a3de3e4f1224bae6d

SHA256

8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e

SHA512

91e30c84c03e46a9c232b7d628d280b841c5391be7e871b8b1b117422e41dd732a23ec8fe71126e1a38ac69ee1b7f190c666f637cf5cae358cac374c6d114cff

Extracted

Family	netdooka
C2	http://93.115.21.45/gtaddress http://93.115.21.45/gtaddress

Target

8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e.bin

MD5

a00a73cdc75178a115112a584c5a4dbf

Filesize

36KB

Score

10^/10

SHA1

0a862f5f6b8dd211e966e74a3de3e4f1224bae6d

SHA256

8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e

SHA512

91e30c84c03e46a9c232b7d628d280b841c5391be7e871b8b1b117422e41dd732a23ec8fe71126e1a38ac69ee1b7f190c666f637cf5cae358cac374c6d114cff

Signatures

NetDooka
Description

NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
Tags

loader rat netdooka
Creates new service(s)
Tags

persistence

TTPs

New Service
Executes dropped EXE
Stops running service(s)
Tags

evasion

TTPs

Modify Existing ServiceService Stop
Checks for any installed AV software in registry
TTPs

Security Software Discovery

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Service Stop

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

Score

N/A

behavioral1

netdooka evasion loader persistence rat

Score

10^/10

behavioral2

Score

1^/10

Extracted

Tags

Signatures

NetDooka

Description

Tags

Creates new service(s)

Tags

TTPs

Executes dropped EXE

Stops running service(s)

Tags

TTPs

Checks for any installed AV software in registry

TTPs

Related Tasks

static1

behavioral1

behavioral2