doubleback | c3a06c5448869d4f136f1c15926ec4b2df48993fb86f3bd5dd4a69afbe3d46e4 | Triage

Sharing

General

Target

Invoice-06-0922.iso
Size

442KB
Sample

220602-zpsslsbeh5
MD5

0a9cd4404ef6392b4946e759e2dfb4c7
SHA1

024fdb8e0fe1ad9cf62fb4c4ea8fe7ee830bd5f5
SHA256

c3a06c5448869d4f136f1c15926ec4b2df48993fb86f3bd5dd4a69afbe3d46e4
SHA512

2a6033a56993b563adabe903f084d003ad759431aee62d100759705b9034aae6175629b5d7637f44311bf804b32b6922d09d0cc459cd814a15f02c794bfc494e

Score

10^/10

doubleback backdoor

Malware Config

Targets

- Target
  
  Invoice-06-0922.iso
- Size
  
  442KB
- MD5
  
  0a9cd4404ef6392b4946e759e2dfb4c7
- SHA1
  
  024fdb8e0fe1ad9cf62fb4c4ea8fe7ee830bd5f5
- SHA256
  
  c3a06c5448869d4f136f1c15926ec4b2df48993fb86f3bd5dd4a69afbe3d46e4
- SHA512
  
  2a6033a56993b563adabe903f084d003ad759431aee62d100759705b9034aae6175629b5d7637f44311bf804b32b6922d09d0cc459cd814a15f02c794bfc494e
Score

3^/10
behavioral1 behavioral2
- Target
  
  1204.ps1
- Size
  
  296KB
- MD5
  
  8a6d292fdd55ddb97fd2df336f66cfbb
- SHA1
  
  348401596d0b44faf930787380e146cb5f57795f
- SHA256
  
  bac3ed96090fb8ceed04adef4857bb8fd50b49ed65655f688e06d207f2daa3b8
- SHA512
  
  c0dd1b85b19a2f969e4ad9948ef195ba7e5246ce5b45eb27b17c98accf9daf1004b595d3fa0f753cb98ebceb2e5b1bed6b22a31abd69e1467d0b78b3b1374055
Score

10^/10

doubleback backdoor
- DoubleBack
  DoubleBack is a modular backdoor first seen in December 2020.
  backdoor doubleback
- DoubleBack x64 Payload
- Blocklisted process makes network request
behavioral3 behavioral4
- Target
  
  Scan_314.jpg
- Size
  
  88KB
- MD5
  
  f9b2333cc7e93568486a672225f2dd69
- SHA1
  
  c0143893cd2461fb2dc2c84330c1bf469dc93c34
- SHA256
  
  7e3875bf31005d9d352d9b029e4364df19dccf6c77f16539ca974f224a30347c
- SHA512
  
  d30732aba584782ef2783f388ca9183f9c4b02ec6b3e8741a91fae152f2bae19b655a53d19fc2cdbf85a0da3621d0de6c50129435b6ba937a083416d2d22c7f1
Score

3^/10
behavioral5 behavioral6
- Target
  
  Scan_314.jpg.lnk
- Size
  
  1KB
- MD5
  
  a43cd61911f636d590eb9a5edfc4777f
- SHA1
  
  419c382c0311691ee2ba00537d640500d1896366
- SHA256
  
  6ec963361dc22ff695854bbb3838856d78c1aef73ea07fc855b6d82b57ca51b1
- SHA512
  
  b8889b2f6cde2f85bdcdbe7f529bcdfb6637ec7b29c8f0d1198e954467fb404e1441195942abdb6029bdad5a224628fd05d8f6f8fe0431eb5d9bd13d2e2d7958
Score

10^/10

doubleback backdoor
- DoubleBack
  DoubleBack is a modular backdoor first seen in December 2020.
  backdoor doubleback
- DoubleBack x64 Payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  x.txt
- Size
  
  288B
- MD5
  
  693cfc31ac4238d88de56ed5cc0241f9
- SHA1
  
  6d13fb459f8e98b0f2809b0ddbf31324f02a04bb
- SHA256
  
  a128e719e7c92826212941176d93c6373c306d8b924a8a932be23d902d6e8577
- SHA512
  
  747e9a9a26bb2668be184e08f640aeeb89525ea1b549bc437974b7e9106bcc809c3b06a6905e458daee9ced8ecd4ad70677ce6b3e19f56fa8ec042657d3107f9
Score

1^/10
behavioral9 behavioral10

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

doublebackbackdoor

behavioral5

behavioral6

behavioral7

behavioral8

doublebackbackdoor

behavioral9

behavioral10