netdooka | 91791f8c459f32dc9bf6ec9f7ee157e322b252bc74b1142705dcc74fe8eced7e | Triage

Sharing

General

Target

91791f8c459f32dc9bf6ec9f7ee157e322b252bc74b1142705dcc74fe8eced7e
Size

62KB
Sample

220819-k7ma8abcem
MD5

e538190af9ed2ee602d3cbbe25fd1d78
SHA1

9649f68d1de493b0f17d93b33c2e6bd0ff149e1e
SHA256

91791f8c459f32dc9bf6ec9f7ee157e322b252bc74b1142705dcc74fe8eced7e
SHA512

99b29ef2c068da8d0d50927463257ae1e90b30dab4114af3c5300084b2a6bbdc1d8b67bc9e3cd6d8bd3320c56bb255f7de3a9f60363f2bc0935603e8929eb99b
SSDEEP

768:eUcljbdbaduiSpAmHGHuGFOChjPpcPO2hbdtVWfCoJAvVfjgK+v1Pshc5HFe0jwJ:ABdb1iMASmICZptCX5jRUGgjjvI10w

Score

10^/10

netdooka loader persistence rat

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Targets

- Target
  
  91791f8c459f32dc9bf6ec9f7ee157e322b252bc74b1142705dcc74fe8eced7e
- Size
  
  62KB
- MD5
  
  e538190af9ed2ee602d3cbbe25fd1d78
- SHA1
  
  9649f68d1de493b0f17d93b33c2e6bd0ff149e1e
- SHA256
  
  91791f8c459f32dc9bf6ec9f7ee157e322b252bc74b1142705dcc74fe8eced7e
- SHA512
  
  99b29ef2c068da8d0d50927463257ae1e90b30dab4114af3c5300084b2a6bbdc1d8b67bc9e3cd6d8bd3320c56bb255f7de3a9f60363f2bc0935603e8929eb99b
- SSDEEP
  
  768:eUcljbdbaduiSpAmHGHuGFOChjPpcPO2hbdtVWfCoJAvVfjgK+v1Pshc5HFe0jwJ:ABdb1iMASmICZptCX5jRUGgjjvI10w
Score

10^/10

netdooka loader persistence rat
- NetDooka
  NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
  loader rat netdooka
- Creates new service(s)
  persistence
- Executes dropped EXE
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Privilege Escalation

New Service

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Security Software Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netdookaloaderpersistencerat

behavioral2

netdookaloaderrat