General
-
Target
33a4613abccd233fbfd2657b47227b18f073b318aef50363eebbcad4ee876a13
-
Size
150KB
-
Sample
220620-bq1b3scca9
-
MD5
6ab83c7b097ab214b88c82fe574b54aa
-
SHA1
1ecb7a96d52c0d1508bff3aedba472bf46a89d37
-
SHA256
33a4613abccd233fbfd2657b47227b18f073b318aef50363eebbcad4ee876a13
-
SHA512
10affd6dd0d0dacfb6fb6c911e7247da62b9a3cf174ab82cd79e0ebf5fa09400df728d616023b5ac774ba6b02d5b934e0ea06d3449e0fe346fff5cd07beb752e
Malware Config
Extracted
tofsee
91.218.38.245
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
33a4613abccd233fbfd2657b47227b18f073b318aef50363eebbcad4ee876a13
-
Size
150KB
-
MD5
6ab83c7b097ab214b88c82fe574b54aa
-
SHA1
1ecb7a96d52c0d1508bff3aedba472bf46a89d37
-
SHA256
33a4613abccd233fbfd2657b47227b18f073b318aef50363eebbcad4ee876a13
-
SHA512
10affd6dd0d0dacfb6fb6c911e7247da62b9a3cf174ab82cd79e0ebf5fa09400df728d616023b5ac774ba6b02d5b934e0ea06d3449e0fe346fff5cd07beb752e
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-