tofsee | 90a08c3936d65ab17994def04f55e8f1eb401dddf3f5c2d15a64766473187e51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

90a08c3936d65ab17994def04f55e8f1eb401dddf3f5c2d15a64766473187e51
Size

305KB
Sample

220908-rq9thsbhgq
MD5

e8e5d33d96f00e6766acc0850d660157
SHA1

dead70c9f5f983005e6e6b4034d70c51fdb47397
SHA256

90a08c3936d65ab17994def04f55e8f1eb401dddf3f5c2d15a64766473187e51
SHA512

d038d7154b88354a87f2b31cea5b4babe0756ab18fcca0d22edeae7fee8cb21640c3686d1a3c4a7a1b380f12d0d01223c20cbbe827e057bf872fe57e65aaf9b6
SSDEEP

6144:H0hbeCebmXvrWKW73/EDKqdwT8oLF+H9qaq1qWe1Juxs:H4eCvXv6rz/EGTZLF+dXqs1JuK

Score

10^/10

tofsee evasion persistence trojan

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  90a08c3936d65ab17994def04f55e8f1eb401dddf3f5c2d15a64766473187e51
- Size
  
  305KB
- MD5
  
  e8e5d33d96f00e6766acc0850d660157
- SHA1
  
  dead70c9f5f983005e6e6b4034d70c51fdb47397
- SHA256
  
  90a08c3936d65ab17994def04f55e8f1eb401dddf3f5c2d15a64766473187e51
- SHA512
  
  d038d7154b88354a87f2b31cea5b4babe0756ab18fcca0d22edeae7fee8cb21640c3686d1a3c4a7a1b380f12d0d01223c20cbbe827e057bf872fe57e65aaf9b6
- SSDEEP
  
  6144:H0hbeCebmXvrWKW73/EDKqdwT8oLF+H9qaq1qWe1Juxs:H4eCvXv6rz/EGTZLF+dXqs1JuK
Score

10^/10

tofsee evasion persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

New Service

Privilege Escalation

New Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseeevasionpersistencetrojan