Overview

overview

10

Static

static

9274f09e45...5e.exe

windows7_x64

10

9274f09e45...5e.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9274f09e455169d55a5c965f5bd74c5e

  • Size

    14.4MB

  • Sample

    201214-7z8pjv881s

  • MD5

    9274f09e455169d55a5c965f5bd74c5e

  • SHA1

    09ade51af159576ed06a5de8b087fc151943c955

  • SHA256

    2a0a1e4045873d15044e2725e2f65c0a7fbd6dade9a2b2ec65a84cb6a87977ae

  • SHA512

    5fb259bef76cb4545757c701c7fc0f663440ecf63eee47b45e35e46a5fbf6f1a21b950ddacce156cf41a3f22cbe92e3eb45a1b74ac54a4707d9b4d009c3de5be

Score
10/10
tofseeevasionpersistencetrojan

Malware Config

Targets

    • Target

      9274f09e455169d55a5c965f5bd74c5e

    • Size

      14.4MB

    • MD5

      9274f09e455169d55a5c965f5bd74c5e

    • SHA1

      09ade51af159576ed06a5de8b087fc151943c955

    • SHA256

      2a0a1e4045873d15044e2725e2f65c0a7fbd6dade9a2b2ec65a84cb6a87977ae

    • SHA512

      5fb259bef76cb4545757c701c7fc0f663440ecf63eee47b45e35e46a5fbf6f1a21b950ddacce156cf41a3f22cbe92e3eb45a1b74ac54a4707d9b4d009c3de5be

    Score
    10/10
    tofseeevasionpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Windows security bypass

      evasiontrojan

    • Creates new service(s)

      persistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

1
T1050

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

New Service

1
T1050

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks