netdooka | 28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642 | Triage

Submit
Reports

Overview

overview

Static

static

28ad0bc330...42.exe

windows7-x64

28ad0bc330...42.exe

windows10-2004-x64

Sharing

General

Target

28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642
Size

96KB
Sample

220817-whd44aahfl
MD5

d2648d277a22b438236af3bfe5421582
SHA1

146489af6ee05c0504bd37896435e03ee0d8f261
SHA256

28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642
SHA512

9f61b856d199e316ab88578d977950537d87e101c5c33ec857d52688b582f2dbd3b5bcfbb5386bbfb7cd1fc9aaeb3b412a7d603bf31544fe35c4198dfafba1ef
SSDEEP

1536:izbpF5L9ypm16VHob92Zfg5S9vZY/9r53wg:izbpF19xKHob92Rxm/9r53wg

Score

10^/10

netdooka loader persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642.exe

Resource

win7-20220812-en

netdooka loader persistence rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642.exe

Resource

win10v2004-20220812-en

netdooka loader persistence rat

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

netdooka

C2

93.115.21.45

Targets

- Target
  
  28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642
- Size
  
  96KB
- MD5
  
  d2648d277a22b438236af3bfe5421582
- SHA1
  
  146489af6ee05c0504bd37896435e03ee0d8f261
- SHA256
  
  28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642
- SHA512
  
  9f61b856d199e316ab88578d977950537d87e101c5c33ec857d52688b582f2dbd3b5bcfbb5386bbfb7cd1fc9aaeb3b412a7d603bf31544fe35c4198dfafba1ef
- SSDEEP
  
  1536:izbpF5L9ypm16VHob92Zfg5S9vZY/9r53wg:izbpF19xKHob92Rxm/9r53wg
Score

10^/10

netdooka loader persistence rat
- NetDooka
  NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
  loader rat netdooka
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netdookaloaderpersistencerat

behavioral2

netdookaloaderpersistencerat

© 2018-2024

Terms | Privacy