Overview

overview

10

Static

static

5

11958bc774...18.exe

windows7-x64

10

11958bc774...18.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11958bc7744b76dc86b2c1e8420b2ca5_JaffaCakes118

  • Size

    161KB

  • Sample

    241004-dm549svfld

  • MD5

    11958bc7744b76dc86b2c1e8420b2ca5

  • SHA1

    1fc72a14dc47ba815ca3598bf8a61197bb3efa02

  • SHA256

    c73068d1911e20cac7b4fb5b76f70fa51b3ef71fc89a342ab52e2496d2ae34f9

  • SHA512

    b8175d2470857e58c06a9d07ee966b265d6932843bd258d82a86de0e01042b9ba061e67e17c6645302ca977b3480026b4f98696e320127924b684e8dfcfd72d1

  • SSDEEP

    3072:mB937ksA4e6Ons5t3CUH1a86KUwA+bzPW6LjuIdYHTHOdXQ:mn37ks8nOtVT1mUjeDORQ

Score
10/10
tofseediscoverypersistencetrojanupx

Malware Config

Extracted

Family

tofsee

C2

208.131.138.216

188.165.132.183

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

    • Target

      11958bc7744b76dc86b2c1e8420b2ca5_JaffaCakes118

    • Size

      161KB

    • MD5

      11958bc7744b76dc86b2c1e8420b2ca5

    • SHA1

      1fc72a14dc47ba815ca3598bf8a61197bb3efa02

    • SHA256

      c73068d1911e20cac7b4fb5b76f70fa51b3ef71fc89a342ab52e2496d2ae34f9

    • SHA512

      b8175d2470857e58c06a9d07ee966b265d6932843bd258d82a86de0e01042b9ba061e67e17c6645302ca977b3480026b4f98696e320127924b684e8dfcfd72d1

    • SSDEEP

      3072:mB937ksA4e6Ons5t3CUH1a86KUwA+bzPW6LjuIdYHTHOdXQ:mn37ks8nOtVT1mUjeDORQ

    Score
    10/10
    tofseediscoverypersistencetrojanupx

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks