tofsee | 270e15b50f3eb2895ff790fba1b9137672639bbb75d08520c26933364ab010cb | Triage

Sharing

General

Target

270e15b50f3eb2895ff790fba1b9137672639bbb75d08520c26933364ab010cbN.exe
Size

94KB
Sample

250108-zv4r3atjhz
MD5

78ecd98f4df225f36ad1bf18814c8360
SHA1

30e99fdb525eb0163e76c943e6db50b16dce38f7
SHA256

270e15b50f3eb2895ff790fba1b9137672639bbb75d08520c26933364ab010cb
SHA512

b3f3a9be6d66f697f262383553015be43bb427853399a1f774d4418d202898dd2bbdc1ef7edd899c576020746d6f2b6cd0c78d6318eb03f74a525cf8e6816aa6
SSDEEP

1536:HaT5HC7L9vnEexvevA17dfTWmU6WmQt8upcr/d:HaT5aLaexbditRtsrF

Score

10^/10

tofsee discovery persistence trojan

Malware Config

Extracted

Family

tofsee

C2

91.218.38.211

188.130.237.71

185.25.48.10

188.165.132.183

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  270e15b50f3eb2895ff790fba1b9137672639bbb75d08520c26933364ab010cbN.exe
- Size
  
  94KB
- MD5
  
  78ecd98f4df225f36ad1bf18814c8360
- SHA1
  
  30e99fdb525eb0163e76c943e6db50b16dce38f7
- SHA256
  
  270e15b50f3eb2895ff790fba1b9137672639bbb75d08520c26933364ab010cb
- SHA512
  
  b3f3a9be6d66f697f262383553015be43bb427853399a1f774d4418d202898dd2bbdc1ef7edd899c576020746d6f2b6cd0c78d6318eb03f74a525cf8e6816aa6
- SSDEEP
  
  1536:HaT5HC7L9vnEexvevA17dfTWmU6WmQt8upcr/d:HaT5aLaexbditRtsrF
Score

10^/10

tofsee discovery persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Tofsee family
  tofsee
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseediscoverypersistencetrojan

behavioral2

tofseediscoverypersistencetrojan