tofsee | 85eca08e0d409e4c94322f454b9978281d4418ec61521a2feab505c76c7a6b02 | Triage

Sharing

General

Target

85eca08e0d409e4c94322f454b9978281d4418ec61521a2feab505c76c7a6b02
Size

349KB
Sample

221202-nxtjbshd5t
MD5

9c7cf69b45ace1ffd689b1725fd5bbfc
SHA1

b9b9677ff38eb6ee8b1b3ef85181675e84830ecf
SHA256

85eca08e0d409e4c94322f454b9978281d4418ec61521a2feab505c76c7a6b02
SHA512

9ac0e8740e8dcf989c652f6274b8023ee103a08c6b7775d658097a07a7162c27afc19d413d6b015552743a7eeafa601e38de27b1306f9d42b129cebe47683530
SSDEEP

3072:YT832BLU26yrK5sAFv0hHHyssE6QrjHwUUWQPiTdvaG9WLzjHhIh3eGjMgG1ao5e:zGBLH6yrDgchHSkfbATL/uRjMgU

Score

10^/10

tofsee evasion persistence trojan

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  85eca08e0d409e4c94322f454b9978281d4418ec61521a2feab505c76c7a6b02
- Size
  
  349KB
- MD5
  
  9c7cf69b45ace1ffd689b1725fd5bbfc
- SHA1
  
  b9b9677ff38eb6ee8b1b3ef85181675e84830ecf
- SHA256
  
  85eca08e0d409e4c94322f454b9978281d4418ec61521a2feab505c76c7a6b02
- SHA512
  
  9ac0e8740e8dcf989c652f6274b8023ee103a08c6b7775d658097a07a7162c27afc19d413d6b015552743a7eeafa601e38de27b1306f9d42b129cebe47683530
- SSDEEP
  
  3072:YT832BLU26yrK5sAFv0hHHyssE6QrjHwUUWQPiTdvaG9WLzjHhIh3eGjMgG1ao5e:zGBLH6yrDgchHSkfbATL/uRjMgU
Score

10^/10

tofsee evasion persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseeevasionpersistencetrojan