Overview

overview

10

Static

static

977f60bb46...04.exe

windows7_x64

10

977f60bb46...04.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    977f60bb46c98f4fece2c317fc17c504

  • Size

    14.2MB

  • Sample

    201214-kldby3ay6a

  • MD5

    977f60bb46c98f4fece2c317fc17c504

  • SHA1

    d246ad0209ed7041b0ee9004b36a4bad0513d876

  • SHA256

    2d09b4467fcf47fe6e2f95ea3af4b5dffe0522d87c1cbbe85bbe71ba81d7f628

  • SHA512

    4104422354bce5a50c08dda09529ddaef96fde520a84cf5f3c2ebfec794dfd1ba0c3ae0c7483ca6aef9c104f389db07793e05f0b1905a0fe7d03609c01677a39

Score
10/10
tofseeevasionpersistencetrojan

Malware Config

Targets

    • Target

      977f60bb46c98f4fece2c317fc17c504

    • Size

      14.2MB

    • MD5

      977f60bb46c98f4fece2c317fc17c504

    • SHA1

      d246ad0209ed7041b0ee9004b36a4bad0513d876

    • SHA256

      2d09b4467fcf47fe6e2f95ea3af4b5dffe0522d87c1cbbe85bbe71ba81d7f628

    • SHA512

      4104422354bce5a50c08dda09529ddaef96fde520a84cf5f3c2ebfec794dfd1ba0c3ae0c7483ca6aef9c104f389db07793e05f0b1905a0fe7d03609c01677a39

    Score
    10/10
    tofseeevasionpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Creates new service(s)

      persistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

1
T1050

Modify Existing Service

1
T1031

Privilege Escalation

New Service

1
T1050

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks