General
-
Target
9730015009d0cbdbe0c743316f68e649e6ae212df7e0f9769b75f9d9275c8e83
-
Size
14.5MB
-
Sample
201115-zwdtby2s5a
-
MD5
1a59bd862e027948f92eed55452f7c31
-
SHA1
d8fe3364013d021cbfbd24e09e6fd3abe7fa4533
-
SHA256
9730015009d0cbdbe0c743316f68e649e6ae212df7e0f9769b75f9d9275c8e83
-
SHA512
00870b04fe5a494317d0e0ed95b4278f26eb8ad153cae47e15cdb02705127e8552584da7cb2f189828557dd61bbda50a82baf3d6156bd6494dd9cd8b1a9ee22f
Malware Config
Targets
-
-
Target
9730015009d0cbdbe0c743316f68e649e6ae212df7e0f9769b75f9d9275c8e83
-
Size
14.5MB
-
MD5
1a59bd862e027948f92eed55452f7c31
-
SHA1
d8fe3364013d021cbfbd24e09e6fd3abe7fa4533
-
SHA256
9730015009d0cbdbe0c743316f68e649e6ae212df7e0f9769b75f9d9275c8e83
-
SHA512
00870b04fe5a494317d0e0ed95b4278f26eb8ad153cae47e15cdb02705127e8552584da7cb2f189828557dd61bbda50a82baf3d6156bd6494dd9cd8b1a9ee22f
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Modifies service
-
Suspicious use of SetThreadContext
-