doubleback | d58dc2ab26df5783442b79e3edb7826599494b28f3c75fa3823cbc876f3707da | Triage

Sharing

General

Target

files.zip
Size

2.1MB
Sample

210825-c36f7zp5nn
MD5

77972116011ada1d5e03beeb63562877
SHA1

a2e1c5429b9995e026be68d7732636243fccb952
SHA256

d58dc2ab26df5783442b79e3edb7826599494b28f3c75fa3823cbc876f3707da
SHA512

ad8744ab422c58e09ec1c547f586984e881e07066b8f9eb8993433cf554339d3340f35f8a3de5ca4bbdb10cff4faeb338a41fc934a054a97f45e6c1406d117ba

Score

10^/10

doubleback backdoor

Malware Config

Targets

- Target
  
  4bd/472-84-0x000000001A910000-0x000000001A919000-memory.dmp
- Size
  
  36KB
- MD5
  
  b4eec11177d284bc32c20a06d0ab43fb
- SHA1
  
  1d28dcb836ea4727dd05372e7996ef6e25bd8fca
- SHA256
  
  b13ffaca4d87176cf54c5f567d24f8e509c78681c9cf55d8189936611dd58671
- SHA512
  
  789cc0437d7ba500faa3db9619aa4c8f627040d5405b796f21c1122212671773eeecadedcded16112e2961de9cb220226880c161bba153db438c6f69258af01b
Score

3^/10
behavioral1 behavioral2
- Target
  
  4bd/Attachment.png.lnk
- Size
  
  1KB
- MD5
  
  15482111f86159dc4cca2034e5520350
- SHA1
  
  7745a383710aa802613daaa245b456c77149d437
- SHA256
  
  a0e0df53e65b8b4f229eeec3e5c839b9436910a2830854b9e52aa11cd2155d4b
- SHA512
  
  6190c2808eb2712583a0c7b930d8bb6ca3628dcfdcfcc46b86153757b271220aa37d5fe6aed571a6575e941e3b222e29e086905c27eef85a2046d8108b66f92c
Score

8^/10
- Blocklisted process makes network request
behavioral3 behavioral4
- Target
  
  Attachment.png.lnk
- Size
  
  1KB
- MD5
  
  15482111f86159dc4cca2034e5520350
- SHA1
  
  7745a383710aa802613daaa245b456c77149d437
- SHA256
  
  a0e0df53e65b8b4f229eeec3e5c839b9436910a2830854b9e52aa11cd2155d4b
- SHA512
  
  6190c2808eb2712583a0c7b930d8bb6ca3628dcfdcfcc46b86153757b271220aa37d5fe6aed571a6575e941e3b222e29e086905c27eef85a2046d8108b66f92c
Score

8^/10
- Blocklisted process makes network request
behavioral5 behavioral6
- Target
  
  work.ps1
- Size
  
  1.4MB
- MD5
  
  7ba4b5c5d3e3276a3cfe8d581cf7173b
- SHA1
  
  79ba87b46562e75f097c1b6d23d3b63b9160bbaa
- SHA256
  
  73737bf28fa00ea1380bf98a76f6c2ff34bf25e8b489750acccc45df8e898022
- SHA512
  
  ccccc4402edc1c333f2b11955b4c2850f5b68674e473d57521cb009e2047a46f9c57c0151b9191d4a2e3b10931723d0191bba9b299ffb3bb293ff7d6f83598c6
Score

8^/10
- Blocklisted process makes network request
behavioral7 behavioral8
- Target
  
  4bd/ldr.dat
- Size
  
  137KB
- MD5
  
  968b67446e288eeca67a7ae36fb39e3d
- SHA1
  
  c0872402677fe3cc74d16e5b7a26a031d5826c39
- SHA256
  
  1605fecae9b37911e6965c7c2748eed0331f2282da507ab611cff3c9de7eb702
- SHA512
  
  a0c7da64367b70fc5c79460a1b7cb4ae597245b38c66ca22506b79d7f31667f26453b8319cfd07281c09f3d42c4a64cb6da09488261327d78fa8e1af9258c792
Score

10^/10

doubleback backdoor
- DoubleBack
  DoubleBack is a modular backdoor first seen in December 2020.
  backdoor doubleback
- DoubleBack x64 Payload
- Blocklisted process makes network request
behavioral9 behavioral10
- Target
  
  4bd/work.ps1
- Size
  
  1.4MB
- MD5
  
  7ba4b5c5d3e3276a3cfe8d581cf7173b
- SHA1
  
  79ba87b46562e75f097c1b6d23d3b63b9160bbaa
- SHA256
  
  73737bf28fa00ea1380bf98a76f6c2ff34bf25e8b489750acccc45df8e898022
- SHA512
  
  ccccc4402edc1c333f2b11955b4c2850f5b68674e473d57521cb009e2047a46f9c57c0151b9191d4a2e3b10931723d0191bba9b299ffb3bb293ff7d6f83598c6
Score

8^/10
- Blocklisted process makes network request
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

doublebackbackdoor

behavioral10

behavioral11

behavioral12