General
-
Target
0a0dd74c400e848fcf84d1217695746f
-
Size
313KB
-
Sample
230508-bg3e3sac5t
-
MD5
0a0dd74c400e848fcf84d1217695746f
-
SHA1
87a35d0bceabe086f8bfb0b286dd678a9c93d35a
-
SHA256
27e3ed0b63c7aaf1cdef8ff971fdf5c60fbf4507ef55343096f94ff6feb5f516
-
SHA512
4bb6df5908a505f5d2a1871f86db31ec7883bf4cecd25ad5fcf4c3f7410fbede7487b12dad1e8442b83953510aad074ba04a89f067620c07d0acc89f1973454b
-
SSDEEP
3072:8pXIEUbI/4pLTdJdBaLh6MbISGRiKT87mk/PGXZuZQ2y5gW5cF3PF1YWUqqT:MNU8ApLTd7BcpbIRR1sjFqpSdtS7
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
0a0dd74c400e848fcf84d1217695746f
-
Size
313KB
-
MD5
0a0dd74c400e848fcf84d1217695746f
-
SHA1
87a35d0bceabe086f8bfb0b286dd678a9c93d35a
-
SHA256
27e3ed0b63c7aaf1cdef8ff971fdf5c60fbf4507ef55343096f94ff6feb5f516
-
SHA512
4bb6df5908a505f5d2a1871f86db31ec7883bf4cecd25ad5fcf4c3f7410fbede7487b12dad1e8442b83953510aad074ba04a89f067620c07d0acc89f1973454b
-
SSDEEP
3072:8pXIEUbI/4pLTdJdBaLh6MbISGRiKT87mk/PGXZuZQ2y5gW5cF3PF1YWUqqT:MNU8ApLTd7BcpbIRR1sjFqpSdtS7
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-