Overview

overview

10

Static

static

24471b9e69...1d.exe

windows7_x64

10

24471b9e69...1d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d

  • Size

    11.5MB

  • Sample

    201115-9gh1ajp1ns

  • MD5

    f5798b53c6d1bbc353d1392290fb820b

  • SHA1

    177dcf9893e497e484751bcb8724b941e41f1624

  • SHA256

    24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d

  • SHA512

    6b2d3e612351882627267458a5dfef0daec991fdd064950df21aa977336271e8377487688af8c213df932899b40f021f4339d715ca05276d14fba68a8f4397d0

Score
10/10
tofseeevasionpersistencetrojan

Malware Config

Targets

    • Target

      24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d

    • Size

      11.5MB

    • MD5

      f5798b53c6d1bbc353d1392290fb820b

    • SHA1

      177dcf9893e497e484751bcb8724b941e41f1624

    • SHA256

      24471b9e69843627ca1f88afefe3717d9cdbb92a1e55102b51d12d9a3388191d

    • SHA512

      6b2d3e612351882627267458a5dfef0daec991fdd064950df21aa977336271e8377487688af8c213df932899b40f021f4339d715ca05276d14fba68a8f4397d0

    Score
    10/10
    tofseeevasionpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Windows security bypass

      evasiontrojan

    • Creates new service(s)

      persistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks