General
Target

3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917

Size

137KB

Sample

220701-bt8gvsgaf3

Score
10/10
MD5

708dc91ee0b8a61718e9991a1396b23f

SHA1

d7bd310fd1a8ba9500c00b4e7626aa780552d26c

SHA256

3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917

SHA512

569e90713153b268f2cdcb12e78156facdcda6e936ae45e0032d317efe9d8d442d53335ab7e37514cb800d9885d5c575209b2a64e098e69c4c4db20f927f7278

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets
Target

3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917

MD5

708dc91ee0b8a61718e9991a1396b23f

Filesize

137KB

Score
10/10
SHA1

d7bd310fd1a8ba9500c00b4e7626aa780552d26c

SHA256

3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917

SHA512

569e90713153b268f2cdcb12e78156facdcda6e936ae45e0032d317efe9d8d442d53335ab7e37514cb800d9885d5c575209b2a64e098e69c4c4db20f927f7278

Tags

Signatures

  • Tofsee

    Description

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    Tags

  • Creates new service(s)

    Tags

    TTPs

    New Service
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Sets service image path in registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A

                    behavioral1

                    Score
                    10/10

                    behavioral2

                    Score
                    10/10