General

  • Target

    1783e2beef4c8cbd1b7887f2804b1698_JaffaCakes118

  • Size

    133KB

  • Sample

    240627-zvl71s1amf

  • MD5

    1783e2beef4c8cbd1b7887f2804b1698

  • SHA1

    4ed87a4c967d82e914e24fc25c868572eb2263f9

  • SHA256

    27a96d1d3be59518333398b4796e733ea886a39d13b340916016a1a265982777

  • SHA512

    0dc1d3c1a516a85258dbb1815bb188f579e3c088b22e69c969e14baa024bf70b0e3ef8a443269f67d7a87e1760258ca4694e569fbe5e38bde0f081861e3f8d22

  • SSDEEP

    1536:Q74zUiEiGmPcf25I6hbCadtdAQAbPkAPlDTMhYzyvfQLmPtnTlbU:QpiaV+5HvtunPkA9TCYzyvfystnW

Malware Config

Extracted

  • Family

    tofsee

  • C2

    64.20.54.234

    rgtryhbgddtyh.biz

    wertdghbyrukl.ch

Targets

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks