tofsee | bb7772836afc601ff0ece2b2f1ebe85ffe73392baf08a993ae8330fdb9b04ce8 | Triage

Sharing

General

Target

4b2636d5375fabaf5210326d7ddf380a
Size

14.4MB
Sample

240108-l6jpdagec9
MD5

4b2636d5375fabaf5210326d7ddf380a
SHA1

1a2de55ee081916d168c71bc917cd39b94332d8c
SHA256

bb7772836afc601ff0ece2b2f1ebe85ffe73392baf08a993ae8330fdb9b04ce8
SHA512

09d8b92fb0fb501e3cae709786a8f6f52434d1ae5ea03100aa69c427478b6165e6fa70776ec0ff652f1e7ece1128dc25a5328d02a022294de244236212004ff2
SSDEEP

49152:yyjfVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVH:

Score

10^/10

tofsee evasion persistence trojan

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

- Target
  
  4b2636d5375fabaf5210326d7ddf380a
- Size
  
  14.4MB
- MD5
  
  4b2636d5375fabaf5210326d7ddf380a
- SHA1
  
  1a2de55ee081916d168c71bc917cd39b94332d8c
- SHA256
  
  bb7772836afc601ff0ece2b2f1ebe85ffe73392baf08a993ae8330fdb9b04ce8
- SHA512
  
  09d8b92fb0fb501e3cae709786a8f6f52434d1ae5ea03100aa69c427478b6165e6fa70776ec0ff652f1e7ece1128dc25a5328d02a022294de244236212004ff2
- SSDEEP
  
  49152:yyjfVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVH:
Score

10^/10

tofsee evasion persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Creates new service(s)
  persistence
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseeevasionpersistencetrojan

behavioral2