Overview

overview

10

Static

static

1fa3e0cc04...66.exe

windows7_x64

10

1fa3e0cc04...66.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1fa3e0cc0442dbb6f0fcfe20ee1aba66

  • Size

    12.9MB

  • Sample

    201214-4krdhzenns

  • MD5

    1fa3e0cc0442dbb6f0fcfe20ee1aba66

  • SHA1

    423fbcc2ee9b37cb6878ce0a57f4d008b6d06ce5

  • SHA256

    09e707025066b12df30cef409b036a8e74e9ef66c9ea1398bee9bdce3b4d0d1b

  • SHA512

    447bb43df9d5dab44aba597de97889c15350a517fcef456d378347f77623043b9b215f3e022e97630b776d887e5c03a09b0d444d1d7d5a45bdb2b4f488477a95

Score
10/10
tofseeevasionpersistencetrojan

Malware Config

Targets

    • Target

      1fa3e0cc0442dbb6f0fcfe20ee1aba66

    • Size

      12.9MB

    • MD5

      1fa3e0cc0442dbb6f0fcfe20ee1aba66

    • SHA1

      423fbcc2ee9b37cb6878ce0a57f4d008b6d06ce5

    • SHA256

      09e707025066b12df30cef409b036a8e74e9ef66c9ea1398bee9bdce3b4d0d1b

    • SHA512

      447bb43df9d5dab44aba597de97889c15350a517fcef456d378347f77623043b9b215f3e022e97630b776d887e5c03a09b0d444d1d7d5a45bdb2b4f488477a95

    Score
    10/10
    tofseeevasionpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Windows security bypass

      evasiontrojan

    • Creates new service(s)

      persistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

1
T1050

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

New Service

1
T1050

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks