tofsee | 62c10c55dac6618eff4716e89de4bae41c429102fae8cae2f0ffc86a05ad82e2 | Triage

Sharing

General

Target

VirusShare_71efd5f8d2ad4c891d4d52f2cce17561
Size

144KB
Sample

240610-1m1k4s1hmf
MD5

71efd5f8d2ad4c891d4d52f2cce17561
SHA1

f34013094d0de6756de5c4979181e1a468836454
SHA256

62c10c55dac6618eff4716e89de4bae41c429102fae8cae2f0ffc86a05ad82e2
SHA512

0f8bab954b18c6e57a3bd0b1b685a5c4d4b194ab30c4b0e8a192cf57d9343c33e7b3f2ed9cb8a815f931b702c528d01ac58f30b8bfa3921854b285cd899bd7b0
SSDEEP

3072:XNfr+k4XY4h+PhzjzrOdt9lES2jbxWGqe:XNf14D+PhznrOdmSbGqe

Score

10^/10

tofsee persistence trojan

Malware Config

Extracted

Family

tofsee

C2

91.218.39.211

188.130.237.44

91.204.162.103

188.165.132.183

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  VirusShare_71efd5f8d2ad4c891d4d52f2cce17561
- Size
  
  144KB
- MD5
  
  71efd5f8d2ad4c891d4d52f2cce17561
- SHA1
  
  f34013094d0de6756de5c4979181e1a468836454
- SHA256
  
  62c10c55dac6618eff4716e89de4bae41c429102fae8cae2f0ffc86a05ad82e2
- SHA512
  
  0f8bab954b18c6e57a3bd0b1b685a5c4d4b194ab30c4b0e8a192cf57d9343c33e7b3f2ed9cb8a815f931b702c528d01ac58f30b8bfa3921854b285cd899bd7b0
- SSDEEP
  
  3072:XNfr+k4XY4h+PhzjzrOdt9lES2jbxWGqe:XNf14D+PhznrOdmSbGqe
Score

10^/10

tofsee persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseepersistencetrojan

behavioral2

tofseepersistencetrojan