General
Target

5843747cb53dcb0ecc8ea31a9f289b6f1dc829ac705a359875414efb28adfbef

Size

14MB

Sample

220622-2kr2madeb7

Score
10/10
MD5

0e23bc0be4b1ddfa9fb1b05987dc7894

SHA1

a7e8682f89910271a131f67cf7bd2ac4c250fe77

SHA256

5843747cb53dcb0ecc8ea31a9f289b6f1dc829ac705a359875414efb28adfbef

SHA512

c6d18bff9c8d9ca5b443a9d19dd3b1e99fa028ca514ac28e6e8093217b9e0fa257bd9e80c31200431b322fa5fd94d6cfad750f2a4a5d259445ed64a285914429

Malware Config

Extracted

Family

tofsee

C2

103.248.137.133

43.231.5.6

115.230.124.76

Targets
Target

5843747cb53dcb0ecc8ea31a9f289b6f1dc829ac705a359875414efb28adfbef

MD5

0e23bc0be4b1ddfa9fb1b05987dc7894

Filesize

14MB

Score
10/10
SHA1

a7e8682f89910271a131f67cf7bd2ac4c250fe77

SHA256

5843747cb53dcb0ecc8ea31a9f289b6f1dc829ac705a359875414efb28adfbef

SHA512

c6d18bff9c8d9ca5b443a9d19dd3b1e99fa028ca514ac28e6e8093217b9e0fa257bd9e80c31200431b322fa5fd94d6cfad750f2a4a5d259445ed64a285914429

Tags

Signatures

  • Tofsee

    Description

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    Tags

  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Creates new service(s)

    Tags

    TTPs

    New Service
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Sets service image path in registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A

                    behavioral1

                    Score
                    10/10

                    behavioral2

                    Score
                    10/10