Overview

overview

10

Static

static

1127.ps1

windows7_x64

1

1127.ps1

windows10-2004_x64

10

Scan_660.jpg.lnk

windows7_x64

3

Scan_660.jpg.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice-06-0422.iso

  • Size

    290KB

  • Sample

    220603-pezhasegc3

  • MD5

    e7e480d5d1e8dc235899eb28099f7e4d

  • SHA1

    9d921d6c21b6c13fc2204277d40b3c22b8974f09

  • SHA256

    393892b084c69c041dff268ed0e3e3b3564c80e35eb5caae73f74e9faa472522

  • SHA512

    6239324ec1b35d32b7e6c296ad8366318eea121c588a1fdea6b77f0518088541e9ad98fc127e91ef642e8a7748f64c4d077a9acedbc720b4d8e43b576ee0210e

Score
10/10
doublebackbackdoor

Malware Config

Targets

    • Target

      1127.ps1

    • Size

      144KB

    • MD5

      c81a105cc43cfc5cf1235ecd00f13ba2

    • SHA1

      24fc2bb78929f8060894c6db3eb59f14bcfc6ccd

    • SHA256

      aa165be74685672c97476ffb5f1536bcf23269db4bde4537206b49fd61805d97

    • SHA512

      57641cab24cc922012a15ded50c977c6c3813ac5320a93883c33a4364073a1c410d9b3b6924d9f383d4262e244e3876d35624dd2435016820394bd005660d938

    Score
    10/10
    doublebackbackdoor

    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

      backdoordoubleback

    • DoubleBack x64 Payload

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      Scan_660.jpg.lnk

    • Size

      1KB

    • MD5

      29cac9f4a4b2cbc6606c0a7751b8b378

    • SHA1

      1d79526b5e9a77d7c4c1f6b4454a935cbee58706

    • SHA256

      5d95b0022d4c258df18fd392ff033a13d21a9b78279f88fdbc04da53ca5a124d

    • SHA512

      1ec8cd6845af4cfdb49570ca0f6437869f637e96f146bff76f9d1dc12ca667af5edc6c3ce8a75666a3735912ca3f58cc51af78ab3b4cbe50197b347361a3f69d

    Score
    10/10
    doublebackbackdoor

    • DoubleBack

      DoubleBack is a modular backdoor first seen in December 2020.

      backdoordoubleback

    • DoubleBack x64 Payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks