netdooka | 531f6cb76127ead379d0315a7ef1a3fc61d8fff1582aa6e4f77cc73259b3e1f2 | Triage

Sharing

General

Target

531F6CB76127EAD379D0315A7EF1A3FC61D8FFF1582AA6E4F77CC73259B3E1F2.exe
Size

44KB
Sample

241204-qh1p7swnfx
MD5

6760dd5d71565ac0cd4cbafcfcea5ff1
SHA1

384d6268d8c62bb1273493dc5a57185680b55739
SHA256

531f6cb76127ead379d0315a7ef1a3fc61d8fff1582aa6e4f77cc73259b3e1f2
SHA512

4779383cb099bc1ae96461b6b07001dc3efd198695f15eaa87705c1c6c94baf89b00b29f892164d2db77d3185c11ef4378a09aca36b4c4f504e6b82f3a017c8f
SSDEEP

768:ySuMLCCb8qs0z3NbVR1ZWTO1Wi+Ys46Aj4z9N9G8Iug3r0PggzQp7j5ALyspH:sMlbXzdz2TahTs4a9Nw8acgGKj5NsJ

Score

10^/10

netdooka discovery evasion execution loader persistence rat

Malware Config

Extracted

Family

netdooka

C2

http://93.115.21.45/gtaddress

Targets

- Target
  
  531F6CB76127EAD379D0315A7EF1A3FC61D8FFF1582AA6E4F77CC73259B3E1F2.exe
- Size
  
  44KB
- MD5
  
  6760dd5d71565ac0cd4cbafcfcea5ff1
- SHA1
  
  384d6268d8c62bb1273493dc5a57185680b55739
- SHA256
  
  531f6cb76127ead379d0315a7ef1a3fc61d8fff1582aa6e4f77cc73259b3e1f2
- SHA512
  
  4779383cb099bc1ae96461b6b07001dc3efd198695f15eaa87705c1c6c94baf89b00b29f892164d2db77d3185c11ef4378a09aca36b4c4f504e6b82f3a017c8f
- SSDEEP
  
  768:ySuMLCCb8qs0z3NbVR1ZWTO1Wi+Ys46Aj4z9N9G8Iug3r0PggzQp7j5ALyspH:sMlbXzdz2TahTs4a9Nw8acgGKj5NsJ
Score

10^/10

netdooka discovery evasion execution loader persistence rat
- NetDooka
  NetDooka is a malware framework distributed by way of a pay-per-install and written in C#.
  loader rat netdooka
- Netdooka family
  netdooka
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Remote System Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

netdookadiscoveryevasionexecutionloaderpersistencerat

behavioral2

netdookadiscoveryloaderrat