tofsee | 3bedffc329cda99ca31768fe92f32791dfb0ae6114b82dced21cb77e4411fcf7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f521ee227e3116724605a34228f6689
Size

14.7MB
Sample

231225-bhh3tsfgck
MD5

1f521ee227e3116724605a34228f6689
SHA1

5f99b5c9ab84712df6d027aa5cf01d957ba4ba18
SHA256

3bedffc329cda99ca31768fe92f32791dfb0ae6114b82dced21cb77e4411fcf7
SHA512

f849026ed285503482f0c9eb01297fd24faf90b86bab59a15d3f79b1dd666a54b9bff0a17b67f4cf5900e053867d63795469c3d5b6871eb7fc7f045aee8d9da5
SSDEEP

12288:mRXQK44fy6111111111111111111111111111111111111111111111111111113:mRx2

Score

10^/10

tofsee evasion persistence trojan

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

- Target
  
  1f521ee227e3116724605a34228f6689
- Size
  
  14.7MB
- MD5
  
  1f521ee227e3116724605a34228f6689
- SHA1
  
  5f99b5c9ab84712df6d027aa5cf01d957ba4ba18
- SHA256
  
  3bedffc329cda99ca31768fe92f32791dfb0ae6114b82dced21cb77e4411fcf7
- SHA512
  
  f849026ed285503482f0c9eb01297fd24faf90b86bab59a15d3f79b1dd666a54b9bff0a17b67f4cf5900e053867d63795469c3d5b6871eb7fc7f045aee8d9da5
- SSDEEP
  
  12288:mRXQK44fy6111111111111111111111111111111111111111111111111111113:mRx2
Score

10^/10

tofsee evasion persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Creates new service(s)
  persistence
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseeevasionpersistencetrojan

behavioral2

tofseeevasionpersistencetrojan