Overview

overview

10

Static

static

b355dc0b18...d3.exe

windows7_x64

10

b355dc0b18...d3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b355dc0b186600b6812852aaba586ad3

  • Size

    14.9MB

  • Sample

    201214-qsxbn28qln

  • MD5

    b355dc0b186600b6812852aaba586ad3

  • SHA1

    c4cfb0e6073a520bb06bf442b322a1cc3f30b8f5

  • SHA256

    accf3e9fbd47c991968f035df3bfde01beddbb1dbcd667bd13dad9c52c18e17c

  • SHA512

    67cc9bcd4ab5703d2be50986a875d412cb4446b5b277c32b596bc386d13eaa1b1ffb85cc4a85ff7d85d15c5dac4048823f011c6cb3586bfcfe390d3a78d73ef5

Score
10/10
tofseeevasionpersistencetrojan

Malware Config

Targets

    • Target

      b355dc0b186600b6812852aaba586ad3

    • Size

      14.9MB

    • MD5

      b355dc0b186600b6812852aaba586ad3

    • SHA1

      c4cfb0e6073a520bb06bf442b322a1cc3f30b8f5

    • SHA256

      accf3e9fbd47c991968f035df3bfde01beddbb1dbcd667bd13dad9c52c18e17c

    • SHA512

      67cc9bcd4ab5703d2be50986a875d412cb4446b5b277c32b596bc386d13eaa1b1ffb85cc4a85ff7d85d15c5dac4048823f011c6cb3586bfcfe390d3a78d73ef5

    Score
    10/10
    tofseeevasionpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Windows security bypass

      evasiontrojan

    • Creates new service(s)

      persistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks