General
-
Target
31eaa3ab5036dcea2e51802b5323f8ead2bee421b053e45fd5163dc947bf0a29
-
Size
188KB
-
Sample
220620-vwqvdagafp
-
MD5
1105de805f1450aa298c8e1a4e66032b
-
SHA1
b37cc2df88bdd24e6132b1cff5d541df8d14fe69
-
SHA256
31eaa3ab5036dcea2e51802b5323f8ead2bee421b053e45fd5163dc947bf0a29
-
SHA512
6630672aca0d671ac3f8f6cd970139a1eae713ce3f911d1488d2c594178dc2bba6f1fc574a456c7829027f6a6f4e8660c5e76f83fde9fd98ecc91201e10e3699
Malware Config
Extracted
tofsee
103.232.222.57
111.121.193.242
123.249.0.22
Targets
-
-
Target
31eaa3ab5036dcea2e51802b5323f8ead2bee421b053e45fd5163dc947bf0a29
-
Size
188KB
-
MD5
1105de805f1450aa298c8e1a4e66032b
-
SHA1
b37cc2df88bdd24e6132b1cff5d541df8d14fe69
-
SHA256
31eaa3ab5036dcea2e51802b5323f8ead2bee421b053e45fd5163dc947bf0a29
-
SHA512
6630672aca0d671ac3f8f6cd970139a1eae713ce3f911d1488d2c594178dc2bba6f1fc574a456c7829027f6a6f4e8660c5e76f83fde9fd98ecc91201e10e3699
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-