tofsee | 86836973d40bcb7748cdb61f83dabf3635e463b88ece1cb1bc665c6a22af3e04 | Triage

Sharing

General

Target

86836973d40bcb7748cdb61f83dabf3635e463b88ece1cb1bc665c6a22af3e04 自删除释放文件网络行为较多
Size

12.3MB
Sample

230510-jfdpbseg54
MD5

b01bb5b6447410e5fe700ba7e2f1492e
SHA1

8c57825224d7830d9b1a131d1626c5017eb9e5ef
SHA256

86836973d40bcb7748cdb61f83dabf3635e463b88ece1cb1bc665c6a22af3e04
SHA512

9d791d2d6ec211832e3133a5fc12ad4073d5ac5dbfef4c0be9d0ec727d99a9dc3a053ea7df888dbb7b35b53c2c27b862f31daa8b0e45e9a5be8a1d38ad836a9b
SSDEEP

49152:8Lzf9OznOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO:8Xf9O

Score

10^/10

tofsee trojan

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

- Target
  
  86836973d40bcb7748cdb61f83dabf3635e463b88ece1cb1bc665c6a22af3e04 自删除释放文件网络行为较多
- Size
  
  12.3MB
- MD5
  
  b01bb5b6447410e5fe700ba7e2f1492e
- SHA1
  
  8c57825224d7830d9b1a131d1626c5017eb9e5ef
- SHA256
  
  86836973d40bcb7748cdb61f83dabf3635e463b88ece1cb1bc665c6a22af3e04
- SHA512
  
  9d791d2d6ec211832e3133a5fc12ad4073d5ac5dbfef4c0be9d0ec727d99a9dc3a053ea7df888dbb7b35b53c2c27b862f31daa8b0e45e9a5be8a1d38ad836a9b
- SSDEEP
  
  49152:8Lzf9OznOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO:8Xf9O
Score

10^/10

tofsee trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2