General
-
Target
441e73a5035fc9c2c7bb4d107a387555
-
Size
12.9MB
-
Sample
231219-ryrmxahfh3
-
MD5
441e73a5035fc9c2c7bb4d107a387555
-
SHA1
18055cb347306142b605aa2c30fb78c07046c9af
-
SHA256
74e094670f0a5fc6285c8c3982d1b21df6574aaa4de3736fbf2057610be709a1
-
SHA512
6ab39a7e22a82cdd13bcb21347c22d269312f1673adb427931ce6939f55419ec431fd02f2899b283960415aab77999415736aa337487da88e39adac44f6e0d09
-
SSDEEP
196608:p3qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq3:p
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
-
Target
441e73a5035fc9c2c7bb4d107a387555
-
Size
12.9MB
-
MD5
441e73a5035fc9c2c7bb4d107a387555
-
SHA1
18055cb347306142b605aa2c30fb78c07046c9af
-
SHA256
74e094670f0a5fc6285c8c3982d1b21df6574aaa4de3736fbf2057610be709a1
-
SHA512
6ab39a7e22a82cdd13bcb21347c22d269312f1673adb427931ce6939f55419ec431fd02f2899b283960415aab77999415736aa337487da88e39adac44f6e0d09
-
SSDEEP
196608:p3qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq3:p
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2