Manuel Statik Analiz — Tofsee Spam Botnet | Tehdit: YUKSEK
Fichier Kimligi
| SHA256 | ec21a7eb3f763990280dfa0be8634c36365d3b3b5a52933cd2dcf90038755aa2 |
|---|---|
| Taille | 78.336 byte |
| String Sayisi | 546 |
Gelistirici PDB Izi
C:\Users\Bruno\Desktop\file.exe -- Gelistirici makinasinda "Bruno" kullanici adi tespiti!
mail.ru Spam Kampanyasi
mail.ru -- Rus email servisi spam hedefi
svchost Injection
svchost.exe -- Process injection hedefi (gizlenme) LocalHost -- C2 yerel proxy referansi
Tofsee Hakkinda
Tofsee, 2013'ten beri aktif olan C++ tabanli spam botnet ailesidir. Svchost.exe injection ile gizlenir, mail.ru ve benzeri email servisleri uzerinden spam kampanyalari yurutebilir. Sifrelenmis C2 ile iletisim kurar, modular yapi ile bitcoin mining, DDoS ve proxy modulleri destekler.
IOC
| SHA256 | ec21a7eb3f763990280dfa0be8634c36365d3b3b5a52933cd2dcf90038755aa2 |
|---|---|
| PDB | C:\Users\Bruno\Desktop\file.exe |
| Spam Hedef | mail.ru |
Tofsee — Profil du malware
Tofsee spambot. Bruno Desktop file.exe PDB. NtQueryInformationToken privilege. ESMTP mx connect. respons typo.
Type de malware
Botnet
Langage de programmation
C++
Protocole C2
TCP
Systèmes ciblés
Kuresel Email
Capacités et comportement
DDoS Saldırısı
Botnet Genişletme
Brute Force Taran
Payload Dağıtımı
Uzaktan Komut
Ağ Tarama
Kimlik Bilgisi Çalma
IoT Cihaz Kontrolü
Liste IOC (1 indicateurs)
IOC — Tofsee
# SHA256
ec21a7eb3f763990280dfa0be8634c36365d3b3b5a52933cd2dcf90038755aa2
| Type | Valeur | Note |
|---|---|---|
| sha256 | ec21a7eb3f763990280dfa0be8634c36365d3b3b5a52933cd2dcf90038755aa2 |