Overview

overview

10

Static

static

3

86836973d4...¤š.exe

windows7-x64

10

86836973d4...¤š.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86836973d40bcb7748cdb61f83dabf3635e463b88ece1cb1bc665c6a22af3e04 自删除 释放文件 网络行为较多

  • Size

    12.3MB

  • Sample

    230510-jfdpbseg54

  • MD5

    b01bb5b6447410e5fe700ba7e2f1492e

  • SHA1

    8c57825224d7830d9b1a131d1626c5017eb9e5ef

  • SHA256

    86836973d40bcb7748cdb61f83dabf3635e463b88ece1cb1bc665c6a22af3e04

  • SHA512

    9d791d2d6ec211832e3133a5fc12ad4073d5ac5dbfef4c0be9d0ec727d99a9dc3a053ea7df888dbb7b35b53c2c27b862f31daa8b0e45e9a5be8a1d38ad836a9b

  • SSDEEP

    49152:8Lzf9OznOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO:8Xf9O

Score
10/10
tofseetrojan

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

    • Target

      86836973d40bcb7748cdb61f83dabf3635e463b88ece1cb1bc665c6a22af3e04 自删除 释放文件 网络行为较多

    • Size

      12.3MB

    • MD5

      b01bb5b6447410e5fe700ba7e2f1492e

    • SHA1

      8c57825224d7830d9b1a131d1626c5017eb9e5ef

    • SHA256

      86836973d40bcb7748cdb61f83dabf3635e463b88ece1cb1bc665c6a22af3e04

    • SHA512

      9d791d2d6ec211832e3133a5fc12ad4073d5ac5dbfef4c0be9d0ec727d99a9dc3a053ea7df888dbb7b35b53c2c27b862f31daa8b0e45e9a5be8a1d38ad836a9b

    • SSDEEP

      49152:8Lzf9OznOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO:8Xf9O

    Score
    10/10
    tofseetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks