General

  • Target

    05bf320994954329a3fd404d0d82fa62_JaffaCakes118

  • Size

    136KB

  • Sample

    240623-km6t5awdld

  • MD5

    05bf320994954329a3fd404d0d82fa62

  • SHA1

    7f46b22586acb7ea85bac546df8535864290febf

  • SHA256

    075c3400a03685ae454d633c12c68fdb1908ee2383fa95a5dfc72421b4c8666e

  • SHA512

    b355fe1d63696920dc548b9b3d616e7b7415a48d73bf1f49a460051af125ec51f2c0ee705926618aaf6cc40c7a2f2c0db8665b97bd083429ede28969f8436d46

  • SSDEEP

    3072:YAzWS96CT5+8KRNlw5eXRS0uvB+bIJXo4y:jzV9JTM8K+5eY0u5+uXxy

Malware Config

  • Extracted

    Family: tofsee

    C2: 94.75.255.140, rgtryhbgddtyh.biz, wertdghbyrukl.ch

Targets

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks