tofsee | 4d670bec8fdbe11e0b59625ccf5480c7fa963d47109ff056c9e882cdf2c39644 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d670bec8fdbe11e0b59625ccf5480c7fa963d47109ff056c9e882cdf2c39644
Size

302KB
Sample

220911-sl1kqabha9
MD5

9ddd1e7ba5c5c1aa563213ea26fa39aa
SHA1

fb80728556fc560ad150c28b13739ffdfc5bb005
SHA256

4d670bec8fdbe11e0b59625ccf5480c7fa963d47109ff056c9e882cdf2c39644
SHA512

1daf50f360b62480ae3fcbe3f377bd6a0f3e61ec21100e7dabe3c390a7bcb8ebd76b76457993b32395c5927a84a132842845300242c5b8db544d10d68bc19655
SSDEEP

6144:+aBFDQaqNXdYCRdP9wGRDXNqB6PikmosZqUVxP1LbID:+ADTqBdYCj6GRXNqB6P2os9D9Q

Score

10^/10

tofsee evasion persistence trojan

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  4d670bec8fdbe11e0b59625ccf5480c7fa963d47109ff056c9e882cdf2c39644
- Size
  
  302KB
- MD5
  
  9ddd1e7ba5c5c1aa563213ea26fa39aa
- SHA1
  
  fb80728556fc560ad150c28b13739ffdfc5bb005
- SHA256
  
  4d670bec8fdbe11e0b59625ccf5480c7fa963d47109ff056c9e882cdf2c39644
- SHA512
  
  1daf50f360b62480ae3fcbe3f377bd6a0f3e61ec21100e7dabe3c390a7bcb8ebd76b76457993b32395c5927a84a132842845300242c5b8db544d10d68bc19655
- SSDEEP
  
  6144:+aBFDQaqNXdYCRdP9wGRDXNqB6PikmosZqUVxP1LbID:+ADTqBdYCj6GRXNqB6P2os9D9Q
Score

10^/10

tofsee evasion persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

New Service

Privilege Escalation

New Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseeevasionpersistencetrojan