tofsee | 773ed267ba4f811688af03c9a4c9d8acf03be9fab275c40c69986d1658870f59 | Triage

Sharing

General

Target

JaffaCakes118_6f1d008c6d0499aa29a2e2942d362960
Size

73KB
Sample

250103-yhdvfasrej
MD5

6f1d008c6d0499aa29a2e2942d362960
SHA1

853c07f3cd4823ce6c3e782ca5fa0c3fddeb28c8
SHA256

773ed267ba4f811688af03c9a4c9d8acf03be9fab275c40c69986d1658870f59
SHA512

dd6a01faf5f6a8e72041ea6b90c1dce38ec996627a77a8f8576431d9e3dbb6db235794e71518903f2e34416f64caf8670306ca2b2ab978b310f4e3211d13b344
SSDEEP

1536:gLxnAv2aSRpdNAZNBGa5TsFPChwbaJgX5DHu+/Ou9O39:6+v2TAAa5TEMw+Kzr9O39

Score

10^/10

tofsee discovery persistence trojan

Malware Config

Extracted

Family

tofsee

C2

94.242.250.149

91.218.38.245

188.165.132.183

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  JaffaCakes118_6f1d008c6d0499aa29a2e2942d362960
- Size
  
  73KB
- MD5
  
  6f1d008c6d0499aa29a2e2942d362960
- SHA1
  
  853c07f3cd4823ce6c3e782ca5fa0c3fddeb28c8
- SHA256
  
  773ed267ba4f811688af03c9a4c9d8acf03be9fab275c40c69986d1658870f59
- SHA512
  
  dd6a01faf5f6a8e72041ea6b90c1dce38ec996627a77a8f8576431d9e3dbb6db235794e71518903f2e34416f64caf8670306ca2b2ab978b310f4e3211d13b344
- SSDEEP
  
  1536:gLxnAv2aSRpdNAZNBGa5TsFPChwbaJgX5DHu+/Ou9O39:6+v2TAAa5TEMw+Kzr9O39
Score

10^/10

tofsee discovery persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Tofsee family
  tofsee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseediscoverypersistencetrojan

behavioral2

tofseediscoverypersistencetrojan