Overview

overview

10

Static

static

28ad0bc330...42.exe

windows7-x64

10

28ad0bc330...42.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642

  • Size

    96KB

  • Sample

    220817-whd44aahfl

  • MD5

    d2648d277a22b438236af3bfe5421582

  • SHA1

    146489af6ee05c0504bd37896435e03ee0d8f261

  • SHA256

    28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642

  • SHA512

    9f61b856d199e316ab88578d977950537d87e101c5c33ec857d52688b582f2dbd3b5bcfbb5386bbfb7cd1fc9aaeb3b412a7d603bf31544fe35c4198dfafba1ef

  • SSDEEP

    1536:izbpF5L9ypm16VHob92Zfg5S9vZY/9r53wg:izbpF19xKHob92Rxm/9r53wg

Score
10/10
netdookaloaderpersistencerat

Malware Config

Extracted

Family

netdooka

C2

93.115.21.45

Targets

    • Target

      28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642

    • Size

      96KB

    • MD5

      d2648d277a22b438236af3bfe5421582

    • SHA1

      146489af6ee05c0504bd37896435e03ee0d8f261

    • SHA256

      28ad0bc330c7005637c6241ef5f267981c7b31561dc7d5d5a56e24423b63e642

    • SHA512

      9f61b856d199e316ab88578d977950537d87e101c5c33ec857d52688b582f2dbd3b5bcfbb5386bbfb7cd1fc9aaeb3b412a7d603bf31544fe35c4198dfafba1ef

    • SSDEEP

      1536:izbpF5L9ypm16VHob92Zfg5S9vZY/9r53wg:izbpF19xKHob92Rxm/9r53wg

    Score
    10/10
    netdookaloaderpersistencerat

    • NetDooka

      NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.

      loaderratnetdooka

    • Executes dropped EXE

    • Modifies Installed Components in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks