General
-
Target
020356f14633236e606e969972babe31_JaffaCakes118
-
Size
171KB
-
Sample
240622-n2zk5sxbjh
-
MD5
020356f14633236e606e969972babe31
-
SHA1
3e8ebc61aeaf8dabcc17e8fb630cb2c75b2d2405
-
SHA256
7205337d6c5ab0aaf2ee3fdc3dc890d8a385e7eefc5115700c7034ddacad6826
-
SHA512
5bf953ae11b152b3633514e924d461300194ae562bb63f1b22af46c61c9bdb69f72b8aa28e6c1127a98bdb6aecc0b4bde453e031aa6a36acdbf840af7db5b875
-
SSDEEP
3072:HQY5swdevhaGJVeYJi8LeDUGDQYUj5uF4qHrNFAvPLq/Ns:wNwLkyM0F5JF2jqls
Malware Config
Extracted
tofsee
94.75.255.140
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
020356f14633236e606e969972babe31_JaffaCakes118
-
Size
171KB
-
MD5
020356f14633236e606e969972babe31
-
SHA1
3e8ebc61aeaf8dabcc17e8fb630cb2c75b2d2405
-
SHA256
7205337d6c5ab0aaf2ee3fdc3dc890d8a385e7eefc5115700c7034ddacad6826
-
SHA512
5bf953ae11b152b3633514e924d461300194ae562bb63f1b22af46c61c9bdb69f72b8aa28e6c1127a98bdb6aecc0b4bde453e031aa6a36acdbf840af7db5b875
-
SSDEEP
3072:HQY5swdevhaGJVeYJi8LeDUGDQYUj5uF4qHrNFAvPLq/Ns:wNwLkyM0F5JF2jqls
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-