General

  • Target

    98ee48860712d3c06c3a4aa31c14de3a

  • Size

    69KB

  • Sample

    240213-j7ze4seg34

  • MD5

    98ee48860712d3c06c3a4aa31c14de3a

  • SHA1

    f36cb20f9663051d1eacfe0543e5449f958b7587

  • SHA256

    60bf7b23526f36710f4ef589273d92cc21d45a996c09af9a4be52368c3233af6

  • SHA512

    49e2982dc220a6fcde0782f7b3637972533b8c8e5821a685bfda65dd4df5d85e6dc11d725ecc7388c9bb81dddea3dac82ee9064cd276d3cdfa7a50c5be9a19a2

  • SSDEEP

    1536:kMbuxfmDShn8doSSW02UAll71xCJ6Kyvd656jpI9MtUL+mAd7A2DDf27Gz:kMbupmOWHSW02U+xCJ/yvE4anin62DDB

Malware Config

  • Extracted

    Family: netdooka
    C2: 89.38.131.155

Targets

    • NetDooka

      NetDooka is a malware framework written in C# and distributed through a pay-per-install (PPI) service.

    • Modifies Installed Components in the registry

      Writes under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components, the Active Setup key whose entries are executed once per user at logon; this is a persistence location separate from the Run keys and should be checked alongside them.

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
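An added example, not part of the sandbox report or of any NetDooka tooling: a small Python IOC matcher built from the hashes and the C2 address listed above. It computes the same four digests the report lists so a suspect file can be checked against all of them at once (a partial match means the hash set itself is inconsistent), and it scans log lines for the C2 address as a whole dotted quad rather than a substring, so neighbouring addresses such as 189.38.131.155 do not produce false hits. The log lines are constructed for the example and the firewall log format is an assumption.

```python
# Added example: IOC matcher for the indicators in this report.
# Not part of the sandbox report; SAMPLE_LOG and its format are constructed.
import hashlib
import re
from typing import Dict, Iterable, List, Mapping

# File hashes exactly as listed in the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "98ee48860712d3c06c3a4aa31c14de3a",
    "sha1": "f36cb20f9663051d1eacfe0543e5449f958b7587",
    "sha256": "60bf7b23526f36710f4ef589273d92cc21d45a996c09af9a4be52368c3233af6",
    "sha512": (
        "49e2982dc220a6fcde0782f7b3637972533b8c8e5821a685bfda65dd4df5d85e"
        "6dc11d725ecc7388c9bb81dddea3dac82ee9064cd276d3cdfa7a50c5be9a19a2"
    ),
}

# C2 address from the report's Malware Config section.
C2_ADDRESSES = frozenset({"89.38.131.155"})

# Dotted-quad pattern with word boundaries: "189.38.131.155" is extracted as
# its own address and "89.38.131.1550" is not extracted at all, so neither
# is mistaken for the C2 address the way a plain substring search would.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def hash_bytes(data: bytes, algos: Iterable[str] = tuple(REPORT_HASHES)) -> Dict[str, str]:
    """Compute the digests (by default the four the report lists) of a file's contents."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in algos}


def match_sample(data: bytes, known: Mapping[str, str] = REPORT_HASHES) -> List[str]:
    """Return the algorithm names whose digest of `data` equals the known value.

    For the real sample every algorithm in `known` should match; a partial
    match means the known hash set is inconsistent (e.g. a copy error in a feed).
    """
    digests = hash_bytes(data, known.keys())
    return [algo for algo, value in known.items() if digests[algo] == value.lower()]


def scan_log(lines: Iterable[str], c2: frozenset = C2_ADDRESSES) -> List[str]:
    """Return the log lines that contain a whole-address match on a known C2 IP."""
    hits = []
    for line in lines:
        if any(addr in c2 for addr in IPV4.findall(line)):
            hits.append(line.rstrip("\n"))
    return hits


# Constructed firewall-style log lines (not real traffic) used to exercise scan_log.
SAMPLE_LOG = [
    "2024-02-13T09:41:02Z ALLOW 10.0.0.24:51234 -> 89.38.131.155:443 proto=tcp",
    "2024-02-13T09:41:05Z ALLOW 10.0.0.24:51235 -> 189.38.131.155:443 proto=tcp",
    "2024-02-13T09:41:07Z ALLOW 10.0.0.24:51236 -> 89.38.131.1550:443 proto=tcp",
    "2024-02-13T09:41:09Z DENY  10.0.0.31:49822 -> 89.38.131.155:80 proto=tcp",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("C2 contact:", hit)
    # The empty byte string stands in for a suspect file; it matches nothing.
    print("report hashes matched:", match_sample(b""))
```

Running the block prints the first and fourth constructed lines as C2 contacts and an empty match list for the stand-in file. To check a real file, pass its bytes to match_sample and expect all four names back; a lookup that only matches some of them points at a bad indicator, not a near-miss sample.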

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                              ID          Count
  Persistence           Boot or Logon Autostart Execution      T1547       1
                        Registry Run Keys / Startup Folder     T1547.001   1
  Privilege Escalation  Boot or Logon Autostart Execution      T1547       1
                        Registry Run Keys / Startup Folder     T1547.001   1
  Defense Evasion       Modify Registry                        T1112       2
  Discovery             Query Registry                         T1012       4
                        Peripheral Device Discovery            T1120       2
                        System Information Discovery           T1082       3
