General

  • Target

    6d63c7a6-189a-486a-8fed-2bafc6784163.zip

  • Size

    124KB

  • Sample

    220603-e343ksgbh8

  • MD5

    546b7557b6cf548a0b4979ae0a60c896

  • SHA1

    19970bdd324107c487156393b58ab773bbc447f6

  • SHA256

    8ea25999fe93b84c817faa74af0ad94f0c0064d8e28fba5fea17665c38695430

  • SHA512

    10ffc893ff5f4692da67c10d5cae7bd1a4d6cecc8904eab631c710397427c1311fe65d019f343126062f10d6feb4916f6f1ff8e067306032f14ef769a14278a2

Score
10/10

Malware Config

Targets

    • Target

      Invoice-06-1022.iso

    • Size

      296KB

    • MD5

      8e587660e5777ca12b72d46c88974db0

    • SHA1

      a874bf87883d194ffee7629b5aff023dbfc53cc3

    • SHA256

      867bdda02963b8226378c1d9c7fd01c951b6410a20a054e1fc470bfd2139b1a3

    • SHA512

      65f30cee14049df3eb34af6654b2eee6984fb2a2e8a32a4441972934a797a16f5696fdc240e39d1a314ad0047abf9d7486301a5814692b5f15c90253944ed6f8

    Score
    3/10

    • Target

      1728.ps1

    • Size

      150KB

    • MD5

      732ac4665887f90ad5d320f0e462fce8

    • SHA1

      31cb6f21e3d2f50713163163d665053f83bb5bb4

    • SHA256

      3efec0b370dfacba1d8a2c9e8563441c6da54ae03925f3f845284d4ea9750731

    • SHA512

      8ec4408765d152108981b68a76c42a352f9c623d74220bbbce392500cb8e618a0bd4ac6e2f05057f8520d195d64c38a834facf5cfcf168546b68e4b0287dd849

    Score
    10/10

    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

    • DoubleBack x64 Payload

    • Blocklisted process makes network request

    • Target

      Scan_282.jpg

    • Size

      88KB

    • MD5

      f9b2333cc7e93568486a672225f2dd69

    • SHA1

      c0143893cd2461fb2dc2c84330c1bf469dc93c34

    • SHA256

      7e3875bf31005d9d352d9b029e4364df19dccf6c77f16539ca974f224a30347c

    • SHA512

      d30732aba584782ef2783f388ca9183f9c4b02ec6b3e8741a91fae152f2bae19b655a53d19fc2cdbf85a0da3621d0de6c50129435b6ba937a083416d2d22c7f1

    Score
    3/10

    • Target

      Scan_282.jpg.lnk

    • Size

      1KB

    • MD5

      371924fdfffd4ca69857e94260c34a74

    • SHA1

      2a1dc23c24010a8b5ef3b512ea3e3c6d2f52a44b

    • SHA256

      801086851a46749a95efc050102fb85b761c0ccb191dfd29ff39c6b7cacb6292

    • SHA512

      f9cbf21c27cf3473a2b73141dfd728d9d8824d20afc24f4b4b93ca5bf9536bd594c7a6d4100be2a2fc9c8e4b85b9dcf9797f61f60267128ea31cb44bfb43aba0

    Score
    8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Target

      x.txt

    • Size

      287B

    • MD5

      50e8bafcb14799325c797c98d6ec21c8

    • SHA1

      f2fe6f4bb60c323983f3be5a68e5c8e63a283c20

    • SHA256

      6506bc481aa044cb2c1467e432a37e8eb8856f6854e8c80ba814204b45726559

    • SHA512

      1f2f0acc38a4aef87d51a4d4b342d996eb3a95185741ab4448a20f611368fd1ab30b9fda3361668afd7958cee09a77021cd64c3d25df766abd6dff64a27ea10b

    Score
    1/10
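
The hash listing above is the part of this report most useful for hunting, so the following is an added example (written for this page, not part of the sandbox output) that parses entries in the report's bullet layout into records and checks a file's digests against them. Every digest the report lists must agree, not MD5 alone, since chosen-prefix MD5 collisions are practical. The excerpt embedded in the code is a constructed copy of two of the entries above with the Size bullets omitted; parse_targets, match_indicators and the other names are this example's own.

```python
import hashlib
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List, Optional

# Constructed excerpt copying two of the entries above in the report's own
# bullet layout (sizes omitted), embedded so the example runs offline.
REPORT_EXCERPT = """
    • Target

      1728.ps1

    • MD5

      732ac4665887f90ad5d320f0e462fce8

    • SHA256

      3efec0b370dfacba1d8a2c9e8563441c6da54ae03925f3f845284d4ea9750731

    Score
    10/10
    • Blocklisted process makes network request

    • Target

      x.txt

    • MD5

      50e8bafcb14799325c797c98d6ec21c8

    • SHA256

      6506bc481aa044cb2c1467e432a37e8eb8856f6854e8c80ba814204b45726559

    Score
    1/10
"""

HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")


@dataclass
class Indicator:
    target: str
    score: Optional[int] = None
    hashes: Dict[str, str] = field(default_factory=dict)  # algo -> lowercase hex


def parse_targets(text: str) -> List[Indicator]:
    """'• Target' opens a record, a bullet's value is the next non-empty line
    unless that line is itself a bullet or 'Score', and 'Score n/10' closes it.
    Signature bullets ('Blocklisted process ...') carry no value and are skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    records: List[Indicator] = []
    current: Optional[Indicator] = None
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln.startswith("•"):
            key = ln.lstrip("• ").strip()
            j = i + 1
            while j < len(lines) and not lines[j]:
                j += 1
            has_value = j < len(lines) and not lines[j].startswith("•") and lines[j] != "Score"
            value = lines[j] if has_value else ""
            if key == "Target":
                current = Indicator(target=value)
                records.append(current)
            elif current is not None and key in HASH_ALGOS:
                current.hashes[key] = value.lower()
            i = j + 1 if has_value else j
        elif ln == "Score" and current is not None and i + 1 < len(lines):
            m = re.fullmatch(r"(\d+)/10", lines[i + 1])
            if m:
                current.score = int(m.group(1))
            i += 2
        else:
            i += 1
    return records


def digest_bytes(data: bytes) -> Dict[str, str]:
    return {name: hashlib.new(name.lower(), data).hexdigest() for name in HASH_ALGOS}


def match_indicators(digests: Dict[str, str], indicators: List[Indicator]) -> List[Indicator]:
    """Indicators whose every listed digest agrees with the file's. Requiring all
    of them, not MD5 alone, keeps a chosen-prefix MD5 collision from matching."""
    return [
        ind for ind in indicators
        if ind.hashes and all(digests.get(a) == d for a, d in ind.hashes.items())
    ]


def match_file(path: Path, indicators: List[Indicator]) -> List[Indicator]:
    # The samples in this report are a few hundred KB at most, so whole-file reads are fine.
    return match_indicators(digest_bytes(path.read_bytes()), indicators)
```

To use it against a real extraction, paste the whole Targets block into parse_targets and call match_file on each file pulled from the ISO; a hit on 1728.ps1 or Scan_282.jpg.lnk is the one that matters, since those carry the 10/10 and 8/10 scores above.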

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

4
T1082

Query Registry

1
T1012

Tasks