General
-
Target
2de8fd847371819c1b024b4f62eb7349ae5297675ca2c0ed768f48a759e17d9d
-
Size
208KB
-
Sample
220622-qd7yqafbcq
-
MD5
86e4f9c522e0e695b192c86907198c06
-
SHA1
caf09ee17cd783a25f1324f07628a7eb31f0fe0c
-
SHA256
2de8fd847371819c1b024b4f62eb7349ae5297675ca2c0ed768f48a759e17d9d
-
SHA512
499e9d943e3c915630f443e6b4ac44e0c1b04955e70cfb118ac6c3e2a8fceebdb639daeb93475eb0dbaa69198abb9f37f9a4eb5fba71ad64117bb7b0258ea6ad
Malware Config
Extracted
tofsee
103.232.222.57
111.121.193.242
123.249.0.22
Targets
-
-
Target
2de8fd847371819c1b024b4f62eb7349ae5297675ca2c0ed768f48a759e17d9d
-
Size
208KB
-
MD5
86e4f9c522e0e695b192c86907198c06
-
SHA1
caf09ee17cd783a25f1324f07628a7eb31f0fe0c
-
SHA256
2de8fd847371819c1b024b4f62eb7349ae5297675ca2c0ed768f48a759e17d9d
-
SHA512
499e9d943e3c915630f443e6b4ac44e0c1b04955e70cfb118ac6c3e2a8fceebdb639daeb93475eb0dbaa69198abb9f37f9a4eb5fba71ad64117bb7b0258ea6ad
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-