tofsee | 17f96397035fded780c11562876cd455b635d98255f2052912afcd113c1a55d6 | Triage

Sharing

General

Target

d5a0f6baebe6f4bf5658d38c18d34ec8_JaffaCakes118
Size

99KB
Sample

240909-en4hha1cln
MD5

d5a0f6baebe6f4bf5658d38c18d34ec8
SHA1

6bcbb00faec744ff0a4d6d141071eef2baa70769
SHA256

17f96397035fded780c11562876cd455b635d98255f2052912afcd113c1a55d6
SHA512

e5342e1acb9967ec02cb935e413c91726c4005f217120112d5ccc56e11a82a3805673a4c13fff6e1ce808e84ea83e294d89590f02feb04f388f8cff2755aefcc
SSDEEP

1536:lidHJUw2UZ2RbwbU6Pn1SNHe4HVpHe6B2V8oLMb1Zb4aaGw:loCGUe1SNHe4HVp+rVpLW4pGw

Score

10^/10

tofsee discovery persistence trojan

Malware Config

Extracted

Family

tofsee

C2

64.20.54.234

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  d5a0f6baebe6f4bf5658d38c18d34ec8_JaffaCakes118
- Size
  
  99KB
- MD5
  
  d5a0f6baebe6f4bf5658d38c18d34ec8
- SHA1
  
  6bcbb00faec744ff0a4d6d141071eef2baa70769
- SHA256
  
  17f96397035fded780c11562876cd455b635d98255f2052912afcd113c1a55d6
- SHA512
  
  e5342e1acb9967ec02cb935e413c91726c4005f217120112d5ccc56e11a82a3805673a4c13fff6e1ce808e84ea83e294d89590f02feb04f388f8cff2755aefcc
- SSDEEP
  
  1536:lidHJUw2UZ2RbwbU6Pn1SNHe4HVpHe6B2V8oLMb1Zb4aaGw:loCGUe1SNHe4HVp+rVpLW4pGw
Score

10^/10

tofsee discovery persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseediscoverypersistencetrojan

behavioral2

tofseediscoverypersistencetrojan