General

  • Target

    aee866c403304b93df8b255fb452ec1a25b9115bc8357489e42a2498b065d6e7.exe

  • Size

    13.7MB

  • Sample

    250124-fzqlfssrgp

  • MD5

    230a0f7a92817287a65dedd374a65de1

  • SHA1

    1ae84ba5933c65e5bfd2b65841f3e0088ee9f441

  • SHA256

    aee866c403304b93df8b255fb452ec1a25b9115bc8357489e42a2498b065d6e7

  • SHA512

    9075bc4925db24a6abbd2d42b427208b19f2fadd652d816f99a811f10164123235bf66eabb6ea5595646ef31564963f8fc1459fe4322b73aa2e40e11df9cf1b3

  • SSDEEP

    12288:vk6XHDS5TD26H7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7Z7ZF:xXj

Malware Config

Extracted

Family

tofsee

C2

patmushta.info

ovicrush.cn

Targets

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Tofsee family

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
