General

  • Target

    a8764fb08cd0f24d2d67e23b7de1072c.exe

  • Size

    11.8MB

  • Sample

    240107-yawehsdeh9

  • MD5

    a8764fb08cd0f24d2d67e23b7de1072c

  • SHA1

    ceba1dfbf953f96b90046b10b1303c59d31c8ba3

  • SHA256

    6cf0e15e2593f893b9b5a96ddf85256d330841fde6cd60255a71372ba65529aa

  • SHA512

    5f0cc6d0bdbf6901713cb665b23f0ef4c1c217f34e35995db40aa8ff9b6bda9d4b97fc8a2542b2633e2f89e0f786b6a2f3e96312c7cc1868071e70ec7c757bf9

  • SSDEEP

    24576:qUqa71YB5DHlommmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmG:qF15

Malware Config

Extracted

Family

tofsee

C2

defeatwax.ru

refabyd.info
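The hashes and C2 domains above are the actionable indicators from this report. The script below is an added example, not code from the sandbox or from the sample itself: it transcribes those indicators, recomputes the digests of a file on disk in chunks (so an 11.8MB sample is not read into memory at once), and checks DNS query logs for lookups of the C2 domains or their subdomains. The DNS log format and the hostnames in it are constructed for the example; SSDEEP comparison is left out because it needs an external library.

```python
import hashlib
import io
import re
import sys

# Indicators transcribed from the report above (sample a8764fb08cd0f24d2d67e23b7de1072c.exe).
REPORT_HASHES = {
    "md5": "a8764fb08cd0f24d2d67e23b7de1072c",
    "sha1": "ceba1dfbf953f96b90046b10b1303c59d31c8ba3",
    "sha256": "6cf0e15e2593f893b9b5a96ddf85256d330841fde6cd60255a71372ba65529aa",
    "sha512": "5f0cc6d0bdbf6901713cb665b23f0ef4c1c217f34e35995db40aa8ff9b6bda9d4b97fc8a2542b2633e2f89e0f786b6a2f3e96312c7cc1868071e70ec7c757bf9",
}
REPORT_C2 = ["defeatwax.ru", "refabyd.info"]


def hash_stream(fh, algorithms=("md5", "sha1", "sha256", "sha512"), chunk=1 << 20):
    """Feed a binary stream through all four digests in one pass, 1 MiB at a time."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: fh.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def match_hashes(observed, expected=REPORT_HASHES):
    """Return the algorithms whose digest equals the report's value.

    Either all four match or none should: a partial match means the IOC list
    was transcribed wrongly, not that the file is "partly" the sample.
    """
    return sorted(name for name, digest in expected.items()
                  if observed.get(name, "").lower() == digest)


def domain_matches(qname, c2_domains=REPORT_C2):
    """True if qname is a C2 domain or a subdomain of one (e.g. mail.defeatwax.ru).

    Compare label-wise: a plain substring test would also flag notdefeatwax.ru.
    """
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in c2_domains)


# Constructed log format: "<timestamp> <client> query <qname>" (an assumption for the example).
DNS_LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) query (?P<qname>\S+)")


def scan_dns_log(lines, c2_domains=REPORT_C2):
    """Return (timestamp, client, qname) for every line that resolves a C2 domain."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.match(line)
        if m and domain_matches(m.group("qname"), c2_domains):
            hits.append((m.group("ts"), m.group("host"), m.group("qname")))
    return hits


# Constructed sample DNS log (not from the report); the last two lines are negatives.
SAMPLE_DNS_LOG = [
    "2024-01-07T10:00:01Z ws-17 query defeatwax.ru",
    "2024-01-07T10:00:05Z ws-17 query mail.refabyd.info",
    "2024-01-07T10:00:09Z ws-02 query notdefeatwax.ru",
    "2024-01-07T10:00:12Z ws-02 query example.com",
]


if __name__ == "__main__":
    # Usage: python ioc_check.py <file-to-hash>
    if len(sys.argv) > 1:
        observed = hash_file(sys.argv[1])
        print("matching digests:", match_hashes(observed) or "none")
    for ts, host, qname in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {host} resolved Tofsee C2 {qname}")
```

Run it against a suspected copy of the sample to confirm all four digests match before treating it as the same file; in the DNS check, a hit on a subdomain is still a hit, while a lookalike such as notdefeatwax.ru is not.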

Targets

    • Target

      a8764fb08cd0f24d2d67e23b7de1072c.exe

    • Tofsee

      Backdoor/botnet client that carries out malicious activities based on commands from a C2 server.

    • Creates new service(s)

    • Modifies Windows Firewall

MITRE ATT&CK Enterprise v15

Tasks