tofsee | 1104-59-0x0000000000400000-0x0000000000462000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1104-59-0x...ry.exe

windows7-x64

3

1104-59-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1104-59-0x0000000000400000-0x0000000000462000-memory.exe

Resource

win7-20221111-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

1104-59-0x0000000000400000-0x0000000000462000-memory.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

1104-59-0x0000000000400000-0x0000000000462000-memory.dmp
Size

392KB
MD5

15d9b20797de137d5f9b75be5e396ac2
SHA1

2b72b44b9487c948f68f4b1f1bb1a9bbd28a7737
SHA256

d1d48689d75b4e5fee926797ce735dec4fffda72264eb3b2b53092d3c13e9855
SHA512

4ffe6ffe06329e8a8cf6c1b48872a3776d513b124e61c1f6766edaa9e435d485bca68a07580a750f90975533ccb03b75cc7581c4176a84d245a2a9ba77047b01
SSDEEP

6144:6PVCneO+XFOpIEeG35RkgQ17BT9s03XWzz/:u8p6FOpa+Ug8BJs1z

Score

10^/10

tofsee

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Signatures

Tofsee family
tofsee

Files

1104-59-0x0000000000400000-0x0000000000462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy