tofsee | a047a851b12c88e083bf15eb03bba7dd5dacca762b3f878dc669530af8ab5ffe | Triage

Sharing

General

Target

d508c5d69ff1e3b8db949495652a5039_JaffaCakes118
Size

154KB
Sample

240908-yxzqfswbla
MD5

d508c5d69ff1e3b8db949495652a5039
SHA1

610cc4e4f0d3d34ef394fc5fb1c1b4deacf140d0
SHA256

a047a851b12c88e083bf15eb03bba7dd5dacca762b3f878dc669530af8ab5ffe
SHA512

4d8102aa4e82452f5fa03b1ca663b6e2950a6ce7cf55ed81208b262ed79760cc79d4e0d7e379bd2196b5c02cd2ec8b86cbf4357b706501740278b3bbcada3daf
SSDEEP

3072:hICiI/K4N4Q7JA2G/GzOyoUI2aSifW7F3o2u9eXELFVoAq8q537ue:hX64t7Jyti+2EemVoACae

Score

10^/10

tofsee discovery persistence trojan

Malware Config

Extracted

Family

tofsee

C2

64.20.54.234

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  d508c5d69ff1e3b8db949495652a5039_JaffaCakes118
- Size
  
  154KB
- MD5
  
  d508c5d69ff1e3b8db949495652a5039
- SHA1
  
  610cc4e4f0d3d34ef394fc5fb1c1b4deacf140d0
- SHA256
  
  a047a851b12c88e083bf15eb03bba7dd5dacca762b3f878dc669530af8ab5ffe
- SHA512
  
  4d8102aa4e82452f5fa03b1ca663b6e2950a6ce7cf55ed81208b262ed79760cc79d4e0d7e379bd2196b5c02cd2ec8b86cbf4357b706501740278b3bbcada3daf
- SSDEEP
  
  3072:hICiI/K4N4Q7JA2G/GzOyoUI2aSifW7F3o2u9eXELFVoAq8q537ue:hX64t7Jyti+2EemVoACae
Score

10^/10

tofsee discovery persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseediscoverypersistencetrojan

behavioral2

tofseediscoverypersistencetrojan