Overview

overview

10

Static

static

3

f37f32eb1c...83.exe

windows7-x64

10

f37f32eb1c...83.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f37f32eb1c859541773f55297fb1e05bbfc2874851fc7bbd4e185d3a6a1b6583.zip

  • Size

    140KB

  • Sample

    240706-rqhd9szhml

  • MD5

    e10cd9e1efd58b4726f27c20eca6d47d

  • SHA1

    a89e1a766763e2e395ee10a9fcf7830eef1bea85

  • SHA256

    c7625d8b96e6e69b08abe36d12233b80a628c22f4c3df463e2013ab0bb32ec12

  • SHA512

    13b722bf0eda33886d1deffc3f09914df5a95aac35eca0bc1a969d86f2da6e96054525a56ee5d733c2a2940eba73f3f4f2666a72a6fa0acd785afad21e5ca483

  • SSDEEP

    3072:z1dwZmO8xb94a8eGDLSHAFx6lICxVHLNwDsKntnyNESYq:5yQO46reESHaiLLNwHntyNt

Score
10/10
tofseeevasionexecutionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

tofsee

C2

vanaheim.cn

jotunheim.name

Targets

    • Target

      f37f32eb1c859541773f55297fb1e05bbfc2874851fc7bbd4e185d3a6a1b6583.exe

    • Size

      229KB

    • MD5

      b40b6b9bd2f7d17a65c72469ee2e2cfa

    • SHA1

      859ffdfda568b34e1c3ded9f846dea6e8774f5b5

    • SHA256

      f37f32eb1c859541773f55297fb1e05bbfc2874851fc7bbd4e185d3a6a1b6583

    • SHA512

      7a4b7171000f8dad0eed766e212ee6c9ebf6431175291442524383232f5455f6bc3e8b224c31dc8bf48ad0cba4ef7637edd4dcc8f32e48f93fb9ea7036adeae1

    • SSDEEP

      3072:DI/quXXuYu/IdYKV97eRuWYxYBouZdSzBS7sy4iIb:DYqKXzEIzSbYxYTAS7W

    Score
    10/10
    tofseeevasionexecutionpersistenceprivilege_escalationtrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Creates new service(s)

      persistenceexecution

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks