Overview

overview

10

Static

static

1

4ceded8819...ef.exe

windows7-x64

10

4ceded8819...ef.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ceded881995aa09ac269002c4312560ac38576aa82d95dc85d28a1a2b76bbef.zip

  • Size

    633KB

  • Sample

    240402-l4p4daed83

  • MD5

    888c83112b4dc68093750af92cfbcbb8

  • SHA1

    2d7c2e2a2c9afe04ce6ebb1b412e25d843b8126c

  • SHA256

    bd59e50bd956f6ef82d05a2a9f945543cc3c4868a6916f772b6f53d51f804903

  • SHA512

    7b7e408229514f0d3219c9115fe7363f2f8ea0b06983e49be24568da76bfafb68fbbb46f7347149b960a2935e178779dbfba67df9f1d2ffed6ec7c7d41e970c5

  • SSDEEP

    12288:Y9pWbuak/CDIGPuOqGxQaR6beoco1Zl+QzAOzmc8gOCXXDyu:O4Sz/kJuOqGxql+QzJ8g7XDyu

Score
10/10
netdookaevasionloaderpersistencerat

Malware Config

Extracted

Family

netdooka

C2



Targets

    • Target

      4ceded881995aa09ac269002c4312560ac38576aa82d95dc85d28a1a2b76bbef.exe

    • Size

      660KB

    • MD5

      54a315b26c66694821fb2091ef865f7f

    • SHA1

      9f79ec5e7845bd33a58124fd3d10637a20630bb5

    • SHA256

      4ceded881995aa09ac269002c4312560ac38576aa82d95dc85d28a1a2b76bbef

    • SHA512

      625e851ddedd83103d1b27c25bdb8428e8aab9321436d48668112dd887f9ede5655b4f5b13d69e656bae522951c50cedd53426de725788ba5697089e81156814

    • SSDEEP

      12288:nBxT3SKVIC9HdFEtttJl3Mob+60MCV94D0cIegdu1oeK/lGRgOUqmq9kR6lhKXhh:BxT3ZVB9HdFQPl3M06MCV9k0DegduieE

    Score
    10/10
    netdookaevasionloaderpersistencerat

    • NetDooka

      NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.

      loaderratnetdooka

    • Creates new service(s)

      persistence

    • Stops running service(s)

      evasion

    • Checks for any installed AV software in registry

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Software Discovery

1
T1518

Security Software Discovery

1
T1518.001

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Resource Development

Reconnaissance

Tasks