tofsee | cecb510cc1df72a13403df3e3bb75fd6af31bf76bd837d66342c76586212a5e1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06f875f900de741fa535bd531e61f604
Size

11.2MB
Sample

231229-3hcdtshhg9
MD5

06f875f900de741fa535bd531e61f604
SHA1

27dedbd899c3e30d379bfb99b5d894c9cea43f32
SHA256

cecb510cc1df72a13403df3e3bb75fd6af31bf76bd837d66342c76586212a5e1
SHA512

7eb67af4fc8bc98687d030993df1b843774b516988919f11651a54ed6d9af129008aa7b092dbcf08e6199265e1cc1324ae88698b68e4d2d2e705c3ea21c1f299
SSDEEP

196608:vzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz:

Score

10^/10

tofsee evasion persistence trojan

Malware Config

Extracted

Family

tofsee

C2

43.231.4.6

lazystax.ru

Targets

- Target
  
  06f875f900de741fa535bd531e61f604
- Size
  
  11.2MB
- MD5
  
  06f875f900de741fa535bd531e61f604
- SHA1
  
  27dedbd899c3e30d379bfb99b5d894c9cea43f32
- SHA256
  
  cecb510cc1df72a13403df3e3bb75fd6af31bf76bd837d66342c76586212a5e1
- SHA512
  
  7eb67af4fc8bc98687d030993df1b843774b516988919f11651a54ed6d9af129008aa7b092dbcf08e6199265e1cc1324ae88698b68e4d2d2e705c3ea21c1f299
- SSDEEP
  
  196608:vzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz:
Score

10^/10

tofsee evasion persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Creates new service(s)
  persistence
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseeevasionpersistencetrojan

behavioral2

tofseeevasionpersistencetrojan