General

  • Target

    Text information.js

  • Size

    35KB

  • Sample

    210618-ja1cp4sg4x

  • MD5

    51bf52acf5121880a65144f201e60b52

  • SHA1

    091d1c859cbfe1cd0148fdb96fecd08cd55e1428

  • SHA256

    32f9704d37818253fbda931393fe3c1256f37931d0c36539cd20f49100080400

  • SHA512

    bf1328cdb2477edd1d37f43336fe781cea74aee5a431a16698ce685c62aac5f85994dded7226aa53b04d94331e0571e5752f20a6d4d22be4215eab557dba36ea

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://golfien.com/client.txt

Targets

    • Target

      Text information.js

    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

    • DoubleBack x64 Payload

    • Blocklisted process makes network request
