Overview

overview

10

Static

static

76ed2ef41d...86.exe

windows7_x64

10

76ed2ef41d...86.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    76ed2ef41db9ec357168cd38daeff1079458af868a037251d3fec36de1b72086.bin

  • Size

    218KB

  • Sample

    220610-s2xtrshbb2

  • MD5

    7804c8a590250469feed31c85da8acf3

  • SHA1

    bdc5e81cf0cdb4b09f8e05826110b42b78e1bd16

  • SHA256

    76ed2ef41db9ec357168cd38daeff1079458af868a037251d3fec36de1b72086

  • SHA512

    17743414c5e80686dd0124661570533791df27f14c75452e89e0de5030b2535f2edac4bad349168e2564aee0058f539eec4dc1899b29713d9d90f5b0f8e450a5

Score
10/10
netdookaloaderrat

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Targets

    • Target

      76ed2ef41db9ec357168cd38daeff1079458af868a037251d3fec36de1b72086.bin

    • Size

      218KB

    • MD5

      7804c8a590250469feed31c85da8acf3

    • SHA1

      bdc5e81cf0cdb4b09f8e05826110b42b78e1bd16

    • SHA256

      76ed2ef41db9ec357168cd38daeff1079458af868a037251d3fec36de1b72086

    • SHA512

      17743414c5e80686dd0124661570533791df27f14c75452e89e0de5030b2535f2edac4bad349168e2564aee0058f539eec4dc1899b29713d9d90f5b0f8e450a5

    Score
    10/10
    netdookaloaderrat

    • NetDooka

      NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.

      loaderratnetdooka

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks