General
-
Target
092b9a5f4989c11b6ca01772fa96d82acc4f3b7d5b36bb36f3ee2b406466ff65
-
Size
136KB
-
Sample
221203-qmkjsagg6z
-
MD5
161039cd705764c76dba302cb2de9fce
-
SHA1
8ece873e8db0cba9308fdcfd6a3f281daab22a0a
-
SHA256
092b9a5f4989c11b6ca01772fa96d82acc4f3b7d5b36bb36f3ee2b406466ff65
-
SHA512
d0a412f5377aa00c2f06101bb00b8392ec1040bcb0a282adc75337fbd2db14ba5f034f116d1cef5f8f453b66ecb790c97fd12ac7bc70864ed0dda5c0195cd4fe
-
SSDEEP
1536:8txrWe8so2pJlD/guUNLcJWzxekii25IjYocMnUyq0GL0l8qVvz3GoQcM:8txr7lDgzUWzxevi2V1Mn7qnCvDGoQH
Malware Config
Extracted
tofsee
185.4.227.76
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
092b9a5f4989c11b6ca01772fa96d82acc4f3b7d5b36bb36f3ee2b406466ff65
-
Size
136KB
-
MD5
161039cd705764c76dba302cb2de9fce
-
SHA1
8ece873e8db0cba9308fdcfd6a3f281daab22a0a
-
SHA256
092b9a5f4989c11b6ca01772fa96d82acc4f3b7d5b36bb36f3ee2b406466ff65
-
SHA512
d0a412f5377aa00c2f06101bb00b8392ec1040bcb0a282adc75337fbd2db14ba5f034f116d1cef5f8f453b66ecb790c97fd12ac7bc70864ed0dda5c0195cd4fe
-
SSDEEP
1536:8txrWe8so2pJlD/guUNLcJWzxekii25IjYocMnUyq0GL0l8qVvz3GoQcM:8txr7lDgzUWzxevi2V1Mn7qnCvDGoQH
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-