General
-
Target
f0341ec61c2cd41911abdbf9c0470592
-
Size
13.4MB
-
Sample
201214-ll2wk7ndc2
-
MD5
f0341ec61c2cd41911abdbf9c0470592
-
SHA1
4f71295793b5dec415afa6b516a16fb65cd0ad9a
-
SHA256
b1a851f826af5c5668645413fb6d9310476c40d9fe5000f9ff3f26ce31997c4f
-
SHA512
c6ab6ffed2ff286cc3f043c3df2eb3c8778d96896b8a7484ec677d528998f24c023da01f8ad791bc26807eae4fecbf5cc4b0bcf5b12adf86dafde9e58ebc486f
Malware Config
Targets
-
-
Target
f0341ec61c2cd41911abdbf9c0470592
-
Size
13.4MB
-
MD5
f0341ec61c2cd41911abdbf9c0470592
-
SHA1
4f71295793b5dec415afa6b516a16fb65cd0ad9a
-
SHA256
b1a851f826af5c5668645413fb6d9310476c40d9fe5000f9ff3f26ce31997c4f
-
SHA512
c6ab6ffed2ff286cc3f043c3df2eb3c8778d96896b8a7484ec677d528998f24c023da01f8ad791bc26807eae4fecbf5cc4b0bcf5b12adf86dafde9e58ebc486f
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-