General
-
Target
0886900e6ab222d3c07748d15656ac31
-
Size
10.6MB
-
Sample
201214-fg2tc7wxle
-
MD5
0886900e6ab222d3c07748d15656ac31
-
SHA1
09d03036d44c671692f1127c9f5b4a0d402b3774
-
SHA256
d3a5a7bd70448e907398655362e916a9de3c8e80f9af2582e6bacdb01b0b502a
-
SHA512
6520f0aa808539930f88c8f1f372f46de75c8ec12cee9774cbe3f885c78fe98a8c6a2c07171bb5d6aecef620e34fc9ef90e23451c166f7f7753107e914adb55f
Malware Config
Targets
-
-
Target
0886900e6ab222d3c07748d15656ac31
-
Size
10.6MB
-
MD5
0886900e6ab222d3c07748d15656ac31
-
SHA1
09d03036d44c671692f1127c9f5b4a0d402b3774
-
SHA256
d3a5a7bd70448e907398655362e916a9de3c8e80f9af2582e6bacdb01b0b502a
-
SHA512
6520f0aa808539930f88c8f1f372f46de75c8ec12cee9774cbe3f885c78fe98a8c6a2c07171bb5d6aecef620e34fc9ef90e23451c166f7f7753107e914adb55f
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Suspicious use of SetThreadContext
-