doubleback | 59de5c70ad1a5134fda141c933380bf1e55eb52e041ff37cf5394f8b9dcb5767 | Triage

Submit
Reports

Overview

overview

Static

static

document-37-1849.xls

windows7_x64

document-37-1849.xls

windows10_x64

Resubmissions

03-06-2021 10:37

210603-tks7epc9ka 10

01-06-2021 16:54

210601-fpxsgwd8p2 10

Sharing

General

Target

document-37-1849.xls.ZIP
Size

176KB
Sample

210601-fpxsgwd8p2
MD5

872f30683bd1528b251149fd61f3e2ba
SHA1

68cfd5dcfe38fdc2e9eb353169c1d5acb09ce994
SHA256

59de5c70ad1a5134fda141c933380bf1e55eb52e041ff37cf5394f8b9dcb5767
SHA512

5665468bde8a378c7d84f44a20bfb97c812e59b038274f89d1449fb7c4231045fd902f6588984ffe1531fe0b4866fcba00e0a365d9bbcf3cf0e240fa563cc768

Score

10^/10

doubleback backdoor

Static task

static1

Behavioral task

behavioral1

Sample

document-37-1849.xls

Resource

win7v20210408

doubleback backdoor

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-37-1849.xls

Resource

win10v20210410

doubleback backdoor

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://austinheisey.com/xls/black/index/processingSetRequestDownloadPayloader/?servername=excel

Targets

- Target
  
  document-37-1849.xls
- Size
  
  187KB
- MD5
  
  c41a21a821bcdea1d3ab26ebef055eed
- SHA1
  
  912c8c1792dd33bac263df4b71242078d74741e9
- SHA256
  
  d1d0ac76e59b9e2a8ae3a433e0186d74fc61417c89fe5ee4b93c02faa1dc58f8
- SHA512
  
  ed665e9a7d3e950318628ad4ea112da063e4f156ea7d2d58fbeaa31cc2486c7d2debb779da72723d8f55bdec6b9a4b87f9d148c50b0a368c4bc5b59ac646a42a
Score

10^/10

doubleback backdoor
- DoubleBack
  DoubleBack is a modular backdoor first seen in December 2020.
  backdoor doubleback
- DoubleBack x64 Payload
- DoubleBack x86 Payload
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

doublebackbackdoor

behavioral2

doublebackbackdoor

© 2018-2024

Terms | Privacy