General

  • Target: files.zip
  • Size: 2.1MB
  • Sample: 210825-c36f7zp5nn
  • MD5: 77972116011ada1d5e03beeb63562877
  • SHA1: a2e1c5429b9995e026be68d7732636243fccb952
  • SHA256: d58dc2ab26df5783442b79e3edb7826599494b28f3c75fa3823cbc876f3707da
  • SHA512: ad8744ab422c58e09ec1c547f586984e881e07066b8f9eb8993433cf554339d3340f35f8a3de5ca4bbdb10cff4faeb338a41fc934a054a97f45e6c1406d117ba
  • Score: 10/10

Malware Config

Targets

    • Target: 4bd/472-84-0x000000001A910000-0x000000001A919000-memory.dmp
    • Size: 36KB
    • MD5: b4eec11177d284bc32c20a06d0ab43fb
    • SHA1: 1d28dcb836ea4727dd05372e7996ef6e25bd8fca
    • SHA256: b13ffaca4d87176cf54c5f567d24f8e509c78681c9cf55d8189936611dd58671
    • SHA512: 789cc0437d7ba500faa3db9619aa4c8f627040d5405b796f21c1122212671773eeecadedcded16112e2961de9cb220226880c161bba153db438c6f69258af01b
    • Score: 3/10

    • Target: 4bd/Attachment.png.lnk
    • Size: 1KB
    • MD5: 15482111f86159dc4cca2034e5520350
    • SHA1: 7745a383710aa802613daaa245b456c77149d437
    • SHA256: a0e0df53e65b8b4f229eeec3e5c839b9436910a2830854b9e52aa11cd2155d4b
    • SHA512: 6190c2808eb2712583a0c7b930d8bb6ca3628dcfdcfcc46b86153757b271220aa37d5fe6aed571a6575e941e3b222e29e086905c27eef85a2046d8108b66f92c
    • Score: 8/10
    • Blocklisted process makes network request

    • Target: Attachment.png.lnk
    • Size: 1KB
    • MD5: 15482111f86159dc4cca2034e5520350
    • SHA1: 7745a383710aa802613daaa245b456c77149d437
    • SHA256: a0e0df53e65b8b4f229eeec3e5c839b9436910a2830854b9e52aa11cd2155d4b
    • SHA512: 6190c2808eb2712583a0c7b930d8bb6ca3628dcfdcfcc46b86153757b271220aa37d5fe6aed571a6575e941e3b222e29e086905c27eef85a2046d8108b66f92c
    • Score: 8/10
    • Blocklisted process makes network request

    • Target: work.ps1
    • Size: 1.4MB
    • MD5: 7ba4b5c5d3e3276a3cfe8d581cf7173b
    • SHA1: 79ba87b46562e75f097c1b6d23d3b63b9160bbaa
    • SHA256: 73737bf28fa00ea1380bf98a76f6c2ff34bf25e8b489750acccc45df8e898022
    • SHA512: ccccc4402edc1c333f2b11955b4c2850f5b68674e473d57521cb009e2047a46f9c57c0151b9191d4a2e3b10931723d0191bba9b299ffb3bb293ff7d6f83598c6
    • Score: 8/10
    • Blocklisted process makes network request

    • Target: 4bd/ldr.dat
    • Size: 137KB
    • MD5: 968b67446e288eeca67a7ae36fb39e3d
    • SHA1: c0872402677fe3cc74d16e5b7a26a031d5826c39
    • SHA256: 1605fecae9b37911e6965c7c2748eed0331f2282da507ab611cff3c9de7eb702
    • SHA512: a0c7da64367b70fc5c79460a1b7cb4ae597245b38c66ca22506b79d7f31667f26453b8319cfd07281c09f3d42c4a64cb6da09488261327d78fa8e1af9258c792
    • Score: 10/10
    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

    • DoubleBack x64 Payload
    • Blocklisted process makes network request

    • Target: 4bd/work.ps1
    • Size: 1.4MB
    • MD5: 7ba4b5c5d3e3276a3cfe8d581cf7173b
    • SHA1: 79ba87b46562e75f097c1b6d23d3b63b9160bbaa
    • SHA256: 73737bf28fa00ea1380bf98a76f6c2ff34bf25e8b489750acccc45df8e898022
    • SHA512: ccccc4402edc1c333f2b11955b4c2850f5b68674e473d57521cb009e2047a46f9c57c0151b9191d4a2e3b10931723d0191bba9b299ffb3bb293ff7d6f83598c6
    • Score: 8/10
    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks