General

  • Target: b62bd16f3b2fb0e9d1549dd12114b99bdfd360a8a9719f9b801544113c69bb97
  • Size: 120KB
  • Sample: 221001-zmnqwagcdn
  • MD5: 4dceae07630380b5ed1a94389e1fb9c0
  • SHA1: 2d3bd982d62d7fc62b961f82625682231766856e
  • SHA256: b62bd16f3b2fb0e9d1549dd12114b99bdfd360a8a9719f9b801544113c69bb97
  • SHA512: 4fb8b0a3cbeb394453c551e6daece1cf5c1685abf2d6b083d569c4096a3544c228df7bba7acfdec3aae9caa490f04dd78ca08a53cf6a6108f415a0d5a767e254
  • SSDEEP: 1536:mZG0MaQ9u20DPpbuF30kpX9aIJeOX/hZZYF9WqoMurUE/ZZ1rSNJMiGXBe:Nr9u20Tpb+rpAyZZKF9WqJEz1+8dx

Malware Config (extracted)

  • Family: tofsee
  • C2


Targets


    • Tofsee: Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
    • Executes dropped EXE
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
