tofsee | 733c27d4e791383b17b24af48e088fcb6efe8af55ac0e5ece50f75403bacb0aa | Triage

Sharing

General

Target

JaffaCakes118_d4a0fe13c826a3d72cb8cf4b3321bab5
Size

110KB
Sample

250209-2y24ravqem
MD5

d4a0fe13c826a3d72cb8cf4b3321bab5
SHA1

57ee096c9480cfecaf4b0a7d522b72e770ee2487
SHA256

733c27d4e791383b17b24af48e088fcb6efe8af55ac0e5ece50f75403bacb0aa
SHA512

d6ab331f9b91b6309560f9e8d0a70aa289147d0ef687781254b2c11e13edff89e1825b6226ed66ecccf678bc47ac01356f9ddcdf0c4c34fb8c4ad4f353a2ff8e
SSDEEP

1536:Dw2sGCx1bXkStPTyNROxLHt86pMTkmC37W3AY8OWN0q:DwDt7y0Ln+Tbg3Nh

Score

10^/10

tofsee discovery persistence trojan

Malware Config

Extracted

Family

tofsee

C2

31.210.119.2

188.165.132.183

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

- Target
  
  JaffaCakes118_d4a0fe13c826a3d72cb8cf4b3321bab5
- Size
  
  110KB
- MD5
  
  d4a0fe13c826a3d72cb8cf4b3321bab5
- SHA1
  
  57ee096c9480cfecaf4b0a7d522b72e770ee2487
- SHA256
  
  733c27d4e791383b17b24af48e088fcb6efe8af55ac0e5ece50f75403bacb0aa
- SHA512
  
  d6ab331f9b91b6309560f9e8d0a70aa289147d0ef687781254b2c11e13edff89e1825b6226ed66ecccf678bc47ac01356f9ddcdf0c4c34fb8c4ad4f353a2ff8e
- SSDEEP
  
  1536:Dw2sGCx1bXkStPTyNROxLHt86pMTkmC37W3AY8OWN0q:DwDt7y0Ln+Tbg3Nh
Score

10^/10

tofsee discovery persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Tofsee family
  tofsee
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseediscoverypersistencetrojan

behavioral2

tofseediscoverypersistencetrojan