General
-
Target
f0442b8d5ee23b6a85a2f5543035a761a096df9d249dbb0944f9686ede04f59b
-
Size
116KB
-
Sample
221204-dqhhdaff6w
-
MD5
4ee3012b6de81e70ea3aeb1c8b63bde1
-
SHA1
11adf906465c1f81d157d068632c8a88acd676b2
-
SHA256
f0442b8d5ee23b6a85a2f5543035a761a096df9d249dbb0944f9686ede04f59b
-
SHA512
0d618c0b8920eb684e09a9edacbbf680e6cc5b21a17f1a37c3ade0e0822b1421aa289c500a4db5c4ed4164f0844a91b76fe3ffc705379657ba97b074f73c3b27
-
SSDEEP
1536:7Jcg21s3VMp5fjgQpnFGQGbDjNQo066KE8oLEFTEcK3b:qgIpWQVFobvNTh6soHcKr
Malware Config
Extracted
tofsee
103.9.150.244
188.190.120.102
121.127.250.203
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
f0442b8d5ee23b6a85a2f5543035a761a096df9d249dbb0944f9686ede04f59b
-
Size
116KB
-
MD5
4ee3012b6de81e70ea3aeb1c8b63bde1
-
SHA1
11adf906465c1f81d157d068632c8a88acd676b2
-
SHA256
f0442b8d5ee23b6a85a2f5543035a761a096df9d249dbb0944f9686ede04f59b
-
SHA512
0d618c0b8920eb684e09a9edacbbf680e6cc5b21a17f1a37c3ade0e0822b1421aa289c500a4db5c4ed4164f0844a91b76fe3ffc705379657ba97b074f73c3b27
-
SSDEEP
1536:7Jcg21s3VMp5fjgQpnFGQGbDjNQo066KE8oLEFTEcK3b:qgIpWQVFobvNTh6soHcKr
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-