tofsee | f59e5b7c4dcddee2305fbdc248f4f263c5c46cd3956af2c9d86d73052707e59b | Triage

Sharing

General

Target

a44ab00752a1ff659341e7b3c15e5fa0_JaffaCakes118
Size

147KB
Sample

241126-1qe4ks1pcv
MD5

a44ab00752a1ff659341e7b3c15e5fa0
SHA1

8b0213c26aabab3d10ca29422fe34595d3c922d7
SHA256

f59e5b7c4dcddee2305fbdc248f4f263c5c46cd3956af2c9d86d73052707e59b
SHA512

22ac97932a308853c83c260a512a412c5c2bb33990480ed9f4a1de7ae99e617d558d774e5f9374486e5262c8fc4cadfb6315bda6ad9f959f2daba2ac2cd57bb1
SSDEEP

3072:kjA2U73tlSZjnixmCWc7+V4AS7IADqTf+1FxM7KYUw1z20giL81Yp0:kjA2U73oj7EC4AbLTf+1F4Kw1z20giT0

Score

10^/10

tofsee discovery trojan

Malware Config

Extracted

Family

tofsee

C2

94.242.250.149

91.218.38.245

188.165.132.183

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  uvnllfxk.exe
- Size
  
  34.1MB
- MD5
  
  2f681fe6591187ce3aaf014abc7f00b3
- SHA1
  
  3d69cf7428fc10ee601a9011ccee1719275987d9
- SHA256
  
  259dea5a8a0bf108c09339fea8da0c74fe0959175c56bb8c8d054c586a7128c3
- SHA512
  
  eb9ad3e9afe22e2004f6a3dc6abf267dcf84fbc2f7984e066435a0ec619af2361c92a732fa3f5213639fe4230808107d0b7b686feb4bd30cccc46ae213a380ac
- SSDEEP
  
  12288:KisnNo6S1SIS1SIS1SIS1SIS1SIS1SIS1SIS1SIS1SIS1SIS1SIS1SIS1SIS1SIu:V
Score

10^/10

tofsee discovery trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Tofsee family
  tofsee
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseediscoverytrojan

behavioral2