netdooka | 60bf7b23526f36710f4ef589273d92cc21d45a996c09af9a4be52368c3233af6 | Triage

Submit
Reports

Overview

overview

Static

static

3

98ee488607...3a.exe

windows7-x64

8

98ee488607...3a.exe

windows10-2004-x64

Sharing

General

Target

98ee48860712d3c06c3a4aa31c14de3a
Size

69KB
Sample

240213-j7ze4seg34
MD5

98ee48860712d3c06c3a4aa31c14de3a
SHA1

f36cb20f9663051d1eacfe0543e5449f958b7587
SHA256

60bf7b23526f36710f4ef589273d92cc21d45a996c09af9a4be52368c3233af6
SHA512

49e2982dc220a6fcde0782f7b3637972533b8c8e5821a685bfda65dd4df5d85e6dc11d725ecc7388c9bb81dddea3dac82ee9064cd276d3cdfa7a50c5be9a19a2
SSDEEP

1536:kMbuxfmDShn8doSSW02UAll71xCJ6Kyvd656jpI9MtUL+mAd7A2DDf27Gz:kMbupmOWHSW02U+xCJ/yvE4anin62DDB

Score

10^/10

netdooka loader persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

98ee48860712d3c06c3a4aa31c14de3a.exe

Resource

win7-20231215-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

98ee48860712d3c06c3a4aa31c14de3a.exe

Resource

win10v2004-20231215-en

netdooka loader persistence rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

netdooka

C2

89.38.131.155

Targets

- Target
  
  98ee48860712d3c06c3a4aa31c14de3a
- Size
  
  69KB
- MD5
  
  98ee48860712d3c06c3a4aa31c14de3a
- SHA1
  
  f36cb20f9663051d1eacfe0543e5449f958b7587
- SHA256
  
  60bf7b23526f36710f4ef589273d92cc21d45a996c09af9a4be52368c3233af6
- SHA512
  
  49e2982dc220a6fcde0782f7b3637972533b8c8e5821a685bfda65dd4df5d85e6dc11d725ecc7388c9bb81dddea3dac82ee9064cd276d3cdfa7a50c5be9a19a2
- SSDEEP
  
  1536:kMbuxfmDShn8doSSW02UAll71xCJ6Kyvd656jpI9MtUL+mAd7A2DDf27Gz:kMbupmOWHSW02U+xCJ/yvE4anin62DDB
Score

10^/10

persistence netdooka loader rat
- NetDooka
  NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
  loader rat netdooka
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netdookaloaderpersistencerat

© 2018-2024

Terms | Privacy