tofsee | 001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f
Size

282KB
Sample

220124-w8pzaahbhl
MD5

18c9966d638879f5aa95b437b8322001
SHA1

5364a8da1d0a4caa2dac204a325a24c1e84196f3
SHA256

001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f
SHA512

6cfb7851cc2a1b2fc2cc179c9db9fc045d251e3b85f6786fe08b87ae5238d9c93b162083bdfd09ab56a811808b3b201c04eedead8e2410d09baac41445812646

Score

10^/10

tofsee evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f.exe

Resource

win10v2004-en-20220112

tofsee evasion persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

patmushta.info

ovicrush.cn

Targets

- Target
  
  001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f
- Size
  
  282KB
- MD5
  
  18c9966d638879f5aa95b437b8322001
- SHA1
  
  5364a8da1d0a4caa2dac204a325a24c1e84196f3
- SHA256
  
  001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f
- SHA512
  
  6cfb7851cc2a1b2fc2cc179c9db9fc045d251e3b85f6786fe08b87ae5238d9c93b162083bdfd09ab56a811808b3b201c04eedead8e2410d09baac41445812646
Score

10^/10

tofsee evasion persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseeevasionpersistencetrojan

© 2018-2024

Terms | Privacy