Overview

overview

10

Static

static

3

2974e70f02...18.exe

windows7-x64

10

2974e70f02...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2974e70f02767b10963e422142859413_JaffaCakes118

  • Size

    136KB

  • Sample

    240706-2k8pdaxdlb

  • MD5

    2974e70f02767b10963e422142859413

  • SHA1

    10982b4f655d166b8145b14f57adae7b265a1559

  • SHA256

    c24e9f212bf4aa4d09be65a48991d3d88a7f8c7964167b669655bae9fcf683aa

  • SHA512

    f41fb5551cfa66f2efbc29ce7be0cfffba83309f37078346bdf01db0314f072626054a2eb34d4602b596b4cb74e6f068f65825a3a9a6872b115644c8c766d90a

  • SSDEEP

    3072:kIMXId8aU3RrYoD5XulxqnDv9405BL6zl:xMPayR0oD5muDvi02Z

Score
10/10
tofseepersistencetrojan

Malware Config

Extracted

Family

tofsee

C2

94.75.255.140

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

    • Target

      2974e70f02767b10963e422142859413_JaffaCakes118

    • Size

      136KB

    • MD5

      2974e70f02767b10963e422142859413

    • SHA1

      10982b4f655d166b8145b14f57adae7b265a1559

    • SHA256

      c24e9f212bf4aa4d09be65a48991d3d88a7f8c7964167b669655bae9fcf683aa

    • SHA512

      f41fb5551cfa66f2efbc29ce7be0cfffba83309f37078346bdf01db0314f072626054a2eb34d4602b596b4cb74e6f068f65825a3a9a6872b115644c8c766d90a

    • SSDEEP

      3072:kIMXId8aU3RrYoD5XulxqnDv9405BL6zl:xMPayR0oD5muDvi02Z

    Score
    10/10
    tofseepersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks