tofsee | 1f6a39c4520debfe0f31de642611dfe844c67eb5fc7b4af138df9c6b191a14a1 | Triage

Sharing

General

Target

JaffaCakes118_633916351d1724c5dee57d31ee60adb6
Size

112KB
Sample

250102-g8gkkszrel
MD5

633916351d1724c5dee57d31ee60adb6
SHA1

fddbffaf67742208cad9036564acdae7520d3390
SHA256

1f6a39c4520debfe0f31de642611dfe844c67eb5fc7b4af138df9c6b191a14a1
SHA512

32364dd7dcda32dc3148bc724282fea427494eaa3045096749f68479cd7eb3c2842290cb72b9de0c33965d453cb4792ee17874d6b27f9238cecc2e968afb1977
SSDEEP

3072:gjgRyvXEFiKfQ15q4Qe4FVwtwwgs4XBcO4:HRGX4kC1eZ6w

Score

10^/10

tofsee discovery persistence trojan

Malware Config

Extracted

Family

tofsee

C2

111.121.193.238

188.190.114.19

103.244.1.233

188.165.132.183

213.155.0.208

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  JaffaCakes118_633916351d1724c5dee57d31ee60adb6
- Size
  
  112KB
- MD5
  
  633916351d1724c5dee57d31ee60adb6
- SHA1
  
  fddbffaf67742208cad9036564acdae7520d3390
- SHA256
  
  1f6a39c4520debfe0f31de642611dfe844c67eb5fc7b4af138df9c6b191a14a1
- SHA512
  
  32364dd7dcda32dc3148bc724282fea427494eaa3045096749f68479cd7eb3c2842290cb72b9de0c33965d453cb4792ee17874d6b27f9238cecc2e968afb1977
- SSDEEP
  
  3072:gjgRyvXEFiKfQ15q4Qe4FVwtwwgs4XBcO4:HRGX4kC1eZ6w
Score

10^/10

tofsee discovery persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Tofsee family
  tofsee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseediscoverypersistencetrojan

behavioral2

tofseediscoverypersistencetrojan