Overview

overview

10

Static

static

Invoice-06-0922.iso

windows7_x64

3

Invoice-06-0922.iso

windows10-2004_x64

3

1204.ps1

windows7_x64

1

1204.ps1

windows10-2004_x64

10

Scan_314.jpg

windows7_x64

3

Scan_314.jpg

windows10-2004_x64

3

Scan_314.jpg.lnk

windows7_x64

3

Scan_314.jpg.lnk

windows10-2004_x64

10

x.txt

windows7_x64

1

x.txt

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice-06-0922.iso

  • Size

    442KB

  • Sample

    220602-zpsslsbeh5

  • MD5

    0a9cd4404ef6392b4946e759e2dfb4c7

  • SHA1

    024fdb8e0fe1ad9cf62fb4c4ea8fe7ee830bd5f5

  • SHA256

    c3a06c5448869d4f136f1c15926ec4b2df48993fb86f3bd5dd4a69afbe3d46e4

  • SHA512

    2a6033a56993b563adabe903f084d003ad759431aee62d100759705b9034aae6175629b5d7637f44311bf804b32b6922d09d0cc459cd814a15f02c794bfc494e

Score
10/10
doublebackbackdoor

Malware Config

Targets

    • Target

      Invoice-06-0922.iso

    • Size

      442KB

    • MD5

      0a9cd4404ef6392b4946e759e2dfb4c7

    • SHA1

      024fdb8e0fe1ad9cf62fb4c4ea8fe7ee830bd5f5

    • SHA256

      c3a06c5448869d4f136f1c15926ec4b2df48993fb86f3bd5dd4a69afbe3d46e4

    • SHA512

      2a6033a56993b563adabe903f084d003ad759431aee62d100759705b9034aae6175629b5d7637f44311bf804b32b6922d09d0cc459cd814a15f02c794bfc494e

    Score
    3/10
    behavioral1behavioral2

    • Target

      1204.ps1

    • Size

      296KB

    • MD5

      8a6d292fdd55ddb97fd2df336f66cfbb

    • SHA1

      348401596d0b44faf930787380e146cb5f57795f

    • SHA256

      bac3ed96090fb8ceed04adef4857bb8fd50b49ed65655f688e06d207f2daa3b8

    • SHA512

      c0dd1b85b19a2f969e4ad9948ef195ba7e5246ce5b45eb27b17c98accf9daf1004b595d3fa0f753cb98ebceb2e5b1bed6b22a31abd69e1467d0b78b3b1374055

    Score
    10/10
    doublebackbackdoor

    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

      backdoordoubleback

    • DoubleBack x64 Payload

    • Blocklisted process makes network request

    behavioral3behavioral4

    • Target

      Scan_314.jpg

    • Size

      88KB

    • MD5

      f9b2333cc7e93568486a672225f2dd69

    • SHA1

      c0143893cd2461fb2dc2c84330c1bf469dc93c34

    • SHA256

      7e3875bf31005d9d352d9b029e4364df19dccf6c77f16539ca974f224a30347c

    • SHA512

      d30732aba584782ef2783f388ca9183f9c4b02ec6b3e8741a91fae152f2bae19b655a53d19fc2cdbf85a0da3621d0de6c50129435b6ba937a083416d2d22c7f1

    Score
    3/10
    behavioral5behavioral6

    • Target

      Scan_314.jpg.lnk

    • Size

      1KB

    • MD5

      a43cd61911f636d590eb9a5edfc4777f

    • SHA1

      419c382c0311691ee2ba00537d640500d1896366

    • SHA256

      6ec963361dc22ff695854bbb3838856d78c1aef73ea07fc855b6d82b57ca51b1

    • SHA512

      b8889b2f6cde2f85bdcdbe7f529bcdfb6637ec7b29c8f0d1198e954467fb404e1441195942abdb6029bdad5a224628fd05d8f6f8fe0431eb5d9bd13d2e2d7958

    Score
    10/10
    doublebackbackdoor

    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

      backdoordoubleback

    • DoubleBack x64 Payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral7behavioral8

    • Target

      x.txt

    • Size

      288B

    • MD5

      693cfc31ac4238d88de56ed5cc0241f9

    • SHA1

      6d13fb459f8e98b0f2809b0ddbf31324f02a04bb

    • SHA256

      a128e719e7c92826212941176d93c6373c306d8b924a8a932be23d902d6e8577

    • SHA512

      747e9a9a26bb2668be184e08f640aeeb89525ea1b549bc437974b7e9106bcc809c3b06a6905e458daee9ced8ecd4ad70677ce6b3e19f56fa8ec042657d3107f9

    Score
    1/10
    behavioral9behavioral10

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks