doubleback | a6ebd6f62b4ed7309d0a0dad26132adb214193231ec565697b2d014d78f21f4c | Triage

Sharing

General

Target

Attachment files.iso
Size

1.2MB
Sample

211019-r4tdpagae3
MD5

120fd2049beb6666a7f4637e6a615e0a
SHA1

330548a663806d274520fa9b2547ec4e36377f4a
SHA256

a6ebd6f62b4ed7309d0a0dad26132adb214193231ec565697b2d014d78f21f4c
SHA512

a49c2176d8cbc4c774a73ad4b5d90cec08bd98885e983a08404ad15cd908ee6e9089a9d1d7528ab172ac64c89509b851013f906a89bfffaae69ca7cf60154ba4

Score

10^/10

doubleback backdoor

Malware Config

Targets

- Target
  
  Attachment.jpg.lnk
- Size
  
  1KB
- MD5
  
  e025546ff8afc85a32191af5bb32a6d5
- SHA1
  
  499ba488f9c681d239d58f7b79f3a7186cfbdd8c
- SHA256
  
  c3cb6b49bc15bd2a2acd369b8f2bc5170e27c749852a60922faf328b029f8076
- SHA512
  
  b5959d4823e270c8121dbadf45348a1c2c32c68cdde67624bb288ccdd0d97a254cb6ad3a4a9958ecac878df48d72c52afc3fe1c02cea6d92f6a57ec914746e38
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  z.ps1
- Size
  
  885KB
- MD5
  
  f5823f4078ed9420c7a716cb61f8ba6c
- SHA1
  
  5a4fefe3e37b29ec3065a2f80300ab9d79d3e68d
- SHA256
  
  8004875f540cbaf1fe2d3844a66c67bbf4b885dd592450c9a5f420fbca0f044d
- SHA512
  
  aab8d42e87e97600ec958d747f75c82899cd82fd2b63b538b8bbc59867ad26a09db3c8fb156d4a7b1e143a4042997d3324662715d6ed8c2eab0211efe03251bd
Score

10^/10

doubleback backdoor
- DoubleBack
  DoubleBack is a modular backdoor first seen in December 2020.
  backdoor doubleback
- DoubleBack x64 Payload
- Blocklisted process makes network request
- Deletes itself
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

doublebackbackdoor

behavioral4