tofsee | 7506af8f220c1237b0c57375820f382bc3cba14c5a313ae568b066e91ddd2c9b | Triage

Sharing

General

Target

3447b89187133d1975648f4087b3300e_JaffaCakes118
Size

171KB
Sample

240710-l49ssa1fkn
MD5

3447b89187133d1975648f4087b3300e
SHA1

22598110c0b09905f69a22fce50ff2441acadf83
SHA256

7506af8f220c1237b0c57375820f382bc3cba14c5a313ae568b066e91ddd2c9b
SHA512

8b5cfd8601cea011c6b09013e12c692500cfc768a24a3ffb0998fa3713f5a40e218ac5a0930eabf3eccabd470222f22e170c5e94c7f08eb00a6f7af842fa5ace
SSDEEP

1536:X9wTi1AJmKESNJJHTvZegHLC/Vy5P7nRK8MG68Liik4TFjhMc2T7OsrUqt+cf8y3:NaNmy7njLiaxec2HdrUqt+cf1iesW1

Score

10^/10

tofsee persistence trojan

Malware Config

Extracted

Family

tofsee

C2

64.20.54.234

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  3447b89187133d1975648f4087b3300e_JaffaCakes118
- Size
  
  171KB
- MD5
  
  3447b89187133d1975648f4087b3300e
- SHA1
  
  22598110c0b09905f69a22fce50ff2441acadf83
- SHA256
  
  7506af8f220c1237b0c57375820f382bc3cba14c5a313ae568b066e91ddd2c9b
- SHA512
  
  8b5cfd8601cea011c6b09013e12c692500cfc768a24a3ffb0998fa3713f5a40e218ac5a0930eabf3eccabd470222f22e170c5e94c7f08eb00a6f7af842fa5ace
- SSDEEP
  
  1536:X9wTi1AJmKESNJJHTvZegHLC/Vy5P7nRK8MG68Liik4TFjhMc2T7OsrUqt+cf8y3:NaNmy7njLiaxec2HdrUqt+cf1iesW1
Score

10^/10

tofsee persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseepersistencetrojan

behavioral2

tofseepersistencetrojan