General
-
Target
1d8bdb66f386e4a13eccbd5bd5d4a006da0b24350792b652767bf71499e3caed
-
Size
143KB
-
Sample
220607-dssfcsegb4
-
MD5
060bd7824d33fece88d0b30173fa9552
-
SHA1
79b6fc5843fa02d997733389cee31708cc709d34
-
SHA256
1d8bdb66f386e4a13eccbd5bd5d4a006da0b24350792b652767bf71499e3caed
-
SHA512
95cf4e435b9085b1ebf346c9c302e8b418113a737fb5976f3767b21e25a6070d8ee4ecbb9a13bc4428cac2c062518f1f38a7a824cc7b1c4d89dad462e9a749e6
Malware Config
Extracted
tofsee
91.218.38.245
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
1d8bdb66f386e4a13eccbd5bd5d4a006da0b24350792b652767bf71499e3caed
-
Size
143KB
-
MD5
060bd7824d33fece88d0b30173fa9552
-
SHA1
79b6fc5843fa02d997733389cee31708cc709d34
-
SHA256
1d8bdb66f386e4a13eccbd5bd5d4a006da0b24350792b652767bf71499e3caed
-
SHA512
95cf4e435b9085b1ebf346c9c302e8b418113a737fb5976f3767b21e25a6070d8ee4ecbb9a13bc4428cac2c062518f1f38a7a824cc7b1c4d89dad462e9a749e6
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-