General

  • Target

    4848315a2917b333b8436587626fc48f_JaffaCakes118

  • Size

    255KB

  • Sample

    240715-fe312s1flg

  • MD5

    4848315a2917b333b8436587626fc48f

  • SHA1

    1c16c844bb29176162ca17936386cc49c91e6abc

  • SHA256

    0a3cef3d7f5560ef2cf025e2b9976e90fd3ee9da43f3f7a6a375d1707b0ce7fe

  • SHA512

    af3d71a6f55e2c68f640c12faeefdca463d5929ef0a0b822bb270935f5af793afa5bf03b10dc426177b98f3d9e8cc6fe0efec6a6cef13f96062c2db6cdb98438

  • SSDEEP

    3072:0Em2GULHi0lnccicMhW7R4dtiTMQBZFEcNBZFEvNBZFEcNBZG:0sGUuecczMhWvT

Malware Config

  • Extracted

    Family

    tofsee

  • C2

    31.210.119.2

    188.165.132.183

    rgtryhbgddtyh.biz

    wertdghbyrukl.ch

Targets

    • Target

      4848315a2917b333b8436587626fc48f_JaffaCakes118

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15