General
-
Target
d63f8f70ff629c1011f04ef34237e423783adee9aafcbc31c00e271bc1928ea5
-
Size
89KB
-
Sample
221130-ea1vfsdh33
-
MD5
394adc365f7d212b9d50e7578458d370
-
SHA1
6c030b671952fa2e77089170b728a8a613d60e64
-
SHA256
d63f8f70ff629c1011f04ef34237e423783adee9aafcbc31c00e271bc1928ea5
-
SHA512
b565f30c2d91e40798094e0065f9033df40488401da2f0f7b1409a04bcae9372baa6a031d52fa8895e743e3f803c6cd480494cb12fd5fbf04351e940a5fa08c2
-
SSDEEP
1536:1S8395PhLrtLv0pXqxuOEtoiG6eqQeKAw1ctnRv7X+0MI/wlMs:1djZQXqxuNo96myFFXv/wlMs
Malware Config
Extracted
tofsee
91.218.38.211
188.130.237.71
185.25.48.10
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
d63f8f70ff629c1011f04ef34237e423783adee9aafcbc31c00e271bc1928ea5
-
Size
89KB
-
MD5
394adc365f7d212b9d50e7578458d370
-
SHA1
6c030b671952fa2e77089170b728a8a613d60e64
-
SHA256
d63f8f70ff629c1011f04ef34237e423783adee9aafcbc31c00e271bc1928ea5
-
SHA512
b565f30c2d91e40798094e0065f9033df40488401da2f0f7b1409a04bcae9372baa6a031d52fa8895e743e3f803c6cd480494cb12fd5fbf04351e940a5fa08c2
-
SSDEEP
1536:1S8395PhLrtLv0pXqxuOEtoiG6eqQeKAw1ctnRv7X+0MI/wlMs:1djZQXqxuNo96myFFXv/wlMs
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-