doubleback | a6ebd6f62b4ed7309d0a0dad26132adb214193231ec565697b2d014d78f21f4c | Triage

Sharing

General

Target

Attachment files.iso
Size

1.2MB
Sample

211019-r4tdpagae3
MD5

120fd2049beb6666a7f4637e6a615e0a
SHA1

330548a663806d274520fa9b2547ec4e36377f4a
SHA256

a6ebd6f62b4ed7309d0a0dad26132adb214193231ec565697b2d014d78f21f4c
SHA512

a49c2176d8cbc4c774a73ad4b5d90cec08bd98885e983a08404ad15cd908ee6e9089a9d1d7528ab172ac64c89509b851013f906a89bfffaae69ca7cf60154ba4

Score

10^/10

doubleback backdoor

Malware Config

Targets

- Target
  
  Attachment.jpg.lnk
- Size
  
  1KB
- MD5
  
  e025546ff8afc85a32191af5bb32a6d5
- SHA1
  
  499ba488f9c681d239d58f7b79f3a7186cfbdd8c
- SHA256
  
  c3cb6b49bc15bd2a2acd369b8f2bc5170e27c749852a60922faf328b029f8076
- SHA512
  
  b5959d4823e270c8121dbadf45348a1c2c32c68cdde67624bb288ccdd0d97a254cb6ad3a4a9958ecac878df48d72c52afc3fe1c02cea6d92f6a57ec914746e38
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  z.ps1
- Size
  
  885KB
- MD5
  
  f5823f4078ed9420c7a716cb61f8ba6c
- SHA1
  
  5a4fefe3e37b29ec3065a2f80300ab9d79d3e68d
- SHA256
  
  8004875f540cbaf1fe2d3844a66c67bbf4b885dd592450c9a5f420fbca0f044d
- SHA512
  
  aab8d42e87e97600ec958d747f75c82899cd82fd2b63b538b8bbc59867ad26a09db3c8fb156d4a7b1e143a4042997d3324662715d6ed8c2eab0211efe03251bd
Score

10^/10

doubleback backdoor
- DoubleBack
  DoubleBack is a modular backdoor first seen in December 2020.
  backdoor doubleback
- DoubleBack x64 Payload
- Blocklisted process makes network request
- Deletes itself
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

doublebackbackdoor

behavioral4