netdooka | 76ed2ef41db9ec357168cd38daeff1079458af868a037251d3fec36de1b72086 | Triage

Sharing

General

Target

76ed2ef41db9ec357168cd38daeff1079458af868a037251d3fec36de1b72086.bin
Size

218KB
Sample

220610-s2xtrshbb2
MD5

7804c8a590250469feed31c85da8acf3
SHA1

bdc5e81cf0cdb4b09f8e05826110b42b78e1bd16
SHA256

76ed2ef41db9ec357168cd38daeff1079458af868a037251d3fec36de1b72086
SHA512

17743414c5e80686dd0124661570533791df27f14c75452e89e0de5030b2535f2edac4bad349168e2564aee0058f539eec4dc1899b29713d9d90f5b0f8e450a5

Score

10^/10

netdooka loader rat

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Targets

- Target
  
  76ed2ef41db9ec357168cd38daeff1079458af868a037251d3fec36de1b72086.bin
- Size
  
  218KB
- MD5
  
  7804c8a590250469feed31c85da8acf3
- SHA1
  
  bdc5e81cf0cdb4b09f8e05826110b42b78e1bd16
- SHA256
  
  76ed2ef41db9ec357168cd38daeff1079458af868a037251d3fec36de1b72086
- SHA512
  
  17743414c5e80686dd0124661570533791df27f14c75452e89e0de5030b2535f2edac4bad349168e2564aee0058f539eec4dc1899b29713d9d90f5b0f8e450a5
Score

10^/10

netdooka loader rat
- NetDooka
  NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
  loader rat netdooka
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netdookaloaderrat

behavioral2

netdookaloaderrat