General

Target: Backdoor.Win32.Tofsee.vxxb30d031ba00884201f134275fba470347847c79c202730a99aba28ba0af5164d
Size: 156KB
Sample: 230507-gy9tdafh87
MD5: 5a1b9badb9af104e121379fe3c7f7e4c
SHA1: 0d4e9cc2af85424606ddb981c3060f19f7aa834b
SHA256: b30d031ba00884201f134275fba470347847c79c202730a99aba28ba0af5164d
SHA512: 049b178dd0a9697e94cba8895dc7ab28f4a754140f777781fdc2213348874f47234e8d5addf332c52396a20ead98ad1e147855a9b0abc4c2d18e6cc239d0454a
SSDEEP: 3072:jcyXKgAPWYnaqlhdlEMOMk3M1HhyOGxx:jcQKgAvaudyMOv2yO
Static task: static1

Behavioral task: behavioral1
Sample: Backdoor.Win32.Tofsee.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: Backdoor.Win32.Tofsee.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted family: tofsee
C2 addresses:
- 43.225.38.217
- 111.121.193.242
- 188.190.120.101
- 188.165.132.183
- 213.155.0.208
- rgtryhbgddtyh.biz
- wertdghbyrukl.ch
Targets

Target: Backdoor.Win32.Tofsee.vxxb30d031ba00884201f134275fba470347847c79c202730a99aba28ba0af5164d
Score: 10/10

Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext