General
Target

31eaa3ab5036dcea2e51802b5323f8ead2bee421b053e45fd5163dc947bf0a29

Size

188KB

Sample

220620-vwqvdagafp

Score
10/10
MD5

1105de805f1450aa298c8e1a4e66032b

SHA1

b37cc2df88bdd24e6132b1cff5d541df8d14fe69

SHA256

31eaa3ab5036dcea2e51802b5323f8ead2bee421b053e45fd5163dc947bf0a29

SHA512

6630672aca0d671ac3f8f6cd970139a1eae713ce3f911d1488d2c594178dc2bba6f1fc574a456c7829027f6a6f4e8660c5e76f83fde9fd98ecc91201e10e3699

Malware Config

Extracted

Family

tofsee

C2

103.232.222.57

111.121.193.242

123.249.0.22

Targets
Signatures

  • Tofsee

    Description

    Backdoor/botnet that carries out malicious activity on commands received from a C2 server.

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    TTPs

    Query Registry, System Information Discovery
  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry
  • Suspicious use of SetThreadContext
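The C2 addresses, sample hash and the "Adds Run key to start application" signature above translate directly into host-level checks. The following is an added example, not part of the sandbox report or of any vendor tooling: it matches a handful of constructed Sysmon-style events (process create, network connection, registry value set) against the report's IOCs. The event dictionaries, file paths, SID and the Run value name `wmqnzgvt` are all assumed for illustration; only the IP addresses and hashes come from the report.

```python
"""Match a sandbox report's IOCs against Sysmon-style events (added example)."""
import ipaddress

# Indicators copied from the report above.
C2_IPS = {"103.232.222.57", "111.121.193.242", "123.249.0.22"}
SAMPLE_SHA256 = "31eaa3ab5036dcea2e51802b5323f8ead2bee421b053e45fd5163dc947bf0a29"

# Registry paths (lower-cased, backslash-separated) that indicate Run-key persistence.
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)

# Constructed events. Sysmon event IDs: 1 = process create, 3 = network
# connection, 13 = registry value set. Paths, SID and value name are assumptions.
EVENTS = [
    {"event_id": 1, "image": r"C:\Users\u\AppData\Local\Temp\1105de80.exe",
     "hashes": "MD5=1105DE805F1450AA298C8E1A4E66032B,"
               "SHA256=31EAA3AB5036DCEA2E51802B5323F8EAD2BEE421B053E45FD5163DC947BF0A29"},
    {"event_id": 13, "image": r"C:\Users\u\AppData\Local\Temp\1105de80.exe",
     "target_object": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                      r"\Windows\CurrentVersion\Run\wmqnzgvt",
     "details": r"C:\Users\u\wmqnzgvt.exe"},
    {"event_id": 3, "image": r"C:\Users\u\wmqnzgvt.exe",
     "dest_ip": "103.232.222.57", "dest_port": 443},
    # Benign noise: a browser connection and an unrelated Explorer setting.
    {"event_id": 3, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_ip": "142.250.72.36", "dest_port": 443},
    {"event_id": 13, "image": r"C:\Windows\explorer.exe",
     "target_object": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]


def parse_hashes(field):
    """Turn Sysmon's 'ALG=HEX,ALG=HEX' Hashes field into {ALG: lowercase hex}."""
    out = {}
    for part in field.split(","):
        alg, _, value = part.partition("=")
        if alg and value:
            out[alg.strip().upper()] = value.strip().lower()
    return out


def known_hash_executions(events, sha256=SAMPLE_SHA256):
    """Images from process-create events whose SHA256 equals the report's sample."""
    return [e["image"] for e in events
            if e["event_id"] == 1
            and parse_hashes(e.get("hashes", "")).get("SHA256") == sha256]


def run_key_persistence(events):
    """(image, key, value) for registry-set events under a Run/RunOnce key."""
    hits = []
    for e in events:
        if e["event_id"] != 13:
            continue
        obj = e.get("target_object", "").lower()
        if any(marker in obj for marker in RUN_KEY_MARKERS):
            hits.append((e["image"], e["target_object"], e.get("details", "")))
    return hits


def c2_connections(events, c2_ips=C2_IPS):
    """(image, ip, port) for network events whose destination is a listed C2."""
    hits = []
    for e in events:
        if e["event_id"] != 3:
            continue
        try:
            ip = ipaddress.ip_address(e.get("dest_ip", ""))
        except ValueError:
            continue  # malformed address: skip rather than abort the sweep
        if str(ip) in c2_ips:
            hits.append((e["image"], str(ip), e.get("dest_port")))
    return hits


def triage(events):
    """Run all checks and return the findings keyed by check name."""
    return {
        "known_hash": known_hash_executions(events),
        "run_key": run_key_persistence(events),
        "c2": c2_connections(events),
    }


if __name__ == "__main__":
    for name, findings in triage(EVENTS).items():
        print(name, findings)
```

Two of the report's signatures are deliberately not covered here, because Sysmon cannot see them: the geofence lookup ("Checks computer location settings") is a registry read, and Sysmon only records value sets, creates, deletes and renames; the SetThreadContext call is an in-process API call that needs an EDR or an API-hooking sandbox to observe. Treat the Run-key write and the outbound connection to a listed C2 as the host-observable confirmations, and the hash match as the weakest indicator, since the dropped copy (written under a new name) will not share the original's hash.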

MITRE ATT&CK Matrix

Tactics and techniques mapped from the signatures above:

  • Discovery: Query Registry (T1012), System Information Discovery (T1082)

  • Persistence / Privilege Escalation: Registry Run Keys / Startup Folder (T1547.001)

  • Defense Evasion: Modify Registry (T1112)

Tasks

  • static1: score N/A

  • behavioral1: score 10/10

  • behavioral2: score 10/10