tofsee | 69b07662024f000cf1fb480d083e4def873b45981f9c82d3230ce9a0265addc2 | Triage

Sharing

General

Target

dfb88b02f63ed6cdab5e891ea96d0b33_JaffaCakes118
Size

273KB
Sample

241211-d2jvksypcj
MD5

dfb88b02f63ed6cdab5e891ea96d0b33
SHA1

6fb1de517d54d48ac4e3b60256532c667be07b59
SHA256

69b07662024f000cf1fb480d083e4def873b45981f9c82d3230ce9a0265addc2
SHA512

608d8a9435c557ec4b2184104fff137b5f24180a0d61868f9ee8872fed1fde8c2741788b7761190e848764fa231d18c7fbd861f7dabd6e119513fa6401f3e922
SSDEEP

3072:ydC8qbyTR4lccnGEaORCLFWkA1uVi9XuP7+aCTUlW5BywfzEFFUyrhw4Xl:KgC4lcQ/luFcuc1ijHlsywfzgUyFw

Score

10^/10

tofsee discovery persistence trojan

Malware Config

Extracted

Family

tofsee

C2

91.218.38.245

188.165.132.183

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  dfb88b02f63ed6cdab5e891ea96d0b33_JaffaCakes118
- Size
  
  273KB
- MD5
  
  dfb88b02f63ed6cdab5e891ea96d0b33
- SHA1
  
  6fb1de517d54d48ac4e3b60256532c667be07b59
- SHA256
  
  69b07662024f000cf1fb480d083e4def873b45981f9c82d3230ce9a0265addc2
- SHA512
  
  608d8a9435c557ec4b2184104fff137b5f24180a0d61868f9ee8872fed1fde8c2741788b7761190e848764fa231d18c7fbd861f7dabd6e119513fa6401f3e922
- SSDEEP
  
  3072:ydC8qbyTR4lccnGEaORCLFWkA1uVi9XuP7+aCTUlW5BywfzEFFUyrhw4Xl:KgC4lcQ/luFcuc1ijHlsywfzgUyFw
Score

10^/10

tofsee discovery persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Tofsee family
  tofsee
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseediscoverypersistencetrojan

behavioral2