General

  • Target

    work.ps1

  • Size

    1.4MB

  • Sample

    210825-wzts68d5gn

  • MD5

    7ba4b5c5d3e3276a3cfe8d581cf7173b

  • SHA1

    79ba87b46562e75f097c1b6d23d3b63b9160bbaa

  • SHA256

    73737bf28fa00ea1380bf98a76f6c2ff34bf25e8b489750acccc45df8e898022

  • SHA512

    ccccc4402edc1c333f2b11955b4c2850f5b68674e473d57521cb009e2047a46f9c57c0151b9191d4a2e3b10931723d0191bba9b299ffb3bb293ff7d6f83598c6

Score
10/10

Targets

    • Target

      work.ps1

    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

    • DoubleBack x64 Payload

    • Blocklisted process makes network request
