doubleback | 213aac6cd084401cdcaa0abc3d790009f08882e68228a314c511cf1d9ddc90e6 | Triage

Submit
Reports

Overview

overview

Static

static

rezidende.vbs

windows10-2004-x64

Sharing

General

Target

rezidende.vbs
Size

1KB
Sample

230120-qjppbsfg9v
MD5

a0b04a7f13d1e54a99b07d3f293c1ce5
SHA1

75555b065adf05b9364a04dd88a7b0d2e96c6a6c
SHA256

213aac6cd084401cdcaa0abc3d790009f08882e68228a314c511cf1d9ddc90e6
SHA512

b7f4934d480d6eb5762342a072be6d997eb4278f9c41fad1c609b473c37b8603557178fb3a2eada02f38356c37d6c80cf3e3b015a32d6f5932847652693a0293

Score

10^/10

doubleback backdoor

Static task

static1

Behavioral task

behavioral1

Sample

rezidende.vbs

Resource

win10v2004-20220812-en

doubleback backdoor

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  rezidende.vbs
- Size
  
  1KB
- MD5
  
  a0b04a7f13d1e54a99b07d3f293c1ce5
- SHA1
  
  75555b065adf05b9364a04dd88a7b0d2e96c6a6c
- SHA256
  
  213aac6cd084401cdcaa0abc3d790009f08882e68228a314c511cf1d9ddc90e6
- SHA512
  
  b7f4934d480d6eb5762342a072be6d997eb4278f9c41fad1c609b473c37b8603557178fb3a2eada02f38356c37d6c80cf3e3b015a32d6f5932847652693a0293
Score

10^/10

doubleback backdoor
- DoubleBack
  DoubleBack is a modular backdoor first seen in December 2020.
  backdoor doubleback
- DoubleBack x64 payload
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

doublebackbackdoor

© 2018-2024

Terms | Privacy