Resubmissions

02-06-2022 22:15

220602-16kn1abhf3 10

02-06-2022 21:45

220602-1mh13abha3 7

02-06-2022 21:44

220602-1ln6pabgh8 8

02-06-2022 21:40

220602-1jcpwabgh5 10

02-06-2022 21:27

220602-1ay7hsffap 10

General

  • Target

    6d63c7a6-189a-486a-8fed-2bafc6784163.zip

  • Size

    124KB

  • Sample

    220602-1ay7hsffap

  • MD5

    546b7557b6cf548a0b4979ae0a60c896

  • SHA1

    19970bdd324107c487156393b58ab773bbc447f6

  • SHA256

    8ea25999fe93b84c817faa74af0ad94f0c0064d8e28fba5fea17665c38695430

  • SHA512

    10ffc893ff5f4692da67c10d5cae7bd1a4d6cecc8904eab631c710397427c1311fe65d019f343126062f10d6feb4916f6f1ff8e067306032f14ef769a14278a2

Score
10/10

Malware Config

Targets

    • Target

      1728.ps1

    • Size

      150KB

    • MD5

      732ac4665887f90ad5d320f0e462fce8

    • SHA1

      31cb6f21e3d2f50713163163d665053f83bb5bb4

    • SHA256

      3efec0b370dfacba1d8a2c9e8563441c6da54ae03925f3f845284d4ea9750731

    • SHA512

      8ec4408765d152108981b68a76c42a352f9c623d74220bbbce392500cb8e618a0bd4ac6e2f05057f8520d195d64c38a834facf5cfcf168546b68e4b0287dd849

    Score
    10/10
    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

    • DoubleBack x64 Payload

    • Blocklisted process makes network request

    • Target

      Scan_282.jpg.lnk

    • Size

      1KB

    • MD5

      371924fdfffd4ca69857e94260c34a74

    • SHA1

      2a1dc23c24010a8b5ef3b512ea3e3c6d2f52a44b

    • SHA256

      801086851a46749a95efc050102fb85b761c0ccb191dfd29ff39c6b7cacb6292

    • SHA512

      f9cbf21c27cf3473a2b73141dfd728d9d8824d20afc24f4b4b93ca5bf9536bd594c7a6d4100be2a2fc9c8e4b85b9dcf9797f61f60267128ea31cb44bfb43aba0

    Score
    10/10
    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

    • DoubleBack x64 Payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks