Overview

overview

10

Static

static

aff9ab5bd7...da.exe

windows7_x64

10

aff9ab5bd7...da.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aff9ab5bd7309235fdfc643d535f89da

  • Size

    15.0MB

  • Sample

    201214-a8r4w5jwwe

  • MD5

    aff9ab5bd7309235fdfc643d535f89da

  • SHA1

    7cbf21edc211abbf977f2ed01e317166e00c84ab

  • SHA256

    83f46bbf5414ef3e3eba95cbabf5b48802e01a426e14d4ebe51e6a6b6c67a574

  • SHA512

    0839288097ed86580fae041b59ac51aceac24e22ba5aef9bd50865de2dc2d897608dde150c4a6cc240bb9cab16a49b1c36d84bde9d07b761b3251878d7ca4cd2

Score
10/10
tofseeevasionpersistencetrojan

Malware Config

Targets

    • Target

      aff9ab5bd7309235fdfc643d535f89da

    • Size

      15.0MB

    • MD5

      aff9ab5bd7309235fdfc643d535f89da

    • SHA1

      7cbf21edc211abbf977f2ed01e317166e00c84ab

    • SHA256

      83f46bbf5414ef3e3eba95cbabf5b48802e01a426e14d4ebe51e6a6b6c67a574

    • SHA512

      0839288097ed86580fae041b59ac51aceac24e22ba5aef9bd50865de2dc2d897608dde150c4a6cc240bb9cab16a49b1c36d84bde9d07b761b3251878d7ca4cd2

    Score
    10/10
    tofseeevasionpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Windows security bypass

      evasiontrojan

    • Creates new service(s)

      persistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

1
T1050

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

New Service

1
T1050

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks