Source: 0.3.file.exe.2d40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.3.file.exe.2d40000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.file.exe.2d20e67.1.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.file.exe.2d20e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.qtcnnjjg.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.qtcnnjjg.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.qtcnnjjg.exe.2c40e67.1.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.qtcnnjjg.exe.2c40e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.qtcnnjjg.exe.2c40e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.qtcnnjjg.exe.2c40e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.qtcnnjjg.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.qtcnnjjg.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 14.2.svchost.exe.4d0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 14.2.svchost.exe.4d0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.qtcnnjjg.exe.2da0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.qtcnnjjg.exe.2da0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.file.exe.2d20e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.file.exe.2d20e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 14.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 14.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.3.qtcnnjjg.exe.2d40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.3.qtcnnjjg.exe.2d40000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.3.qtcnnjjg.exe.2d40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.3.qtcnnjjg.exe.2d40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 11.2.qtcnnjjg.exe.2da0000.2.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 11.2.qtcnnjjg.exe.2da0000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.3.file.exe.2d40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0.3.file.exe.2d40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000002.344749194.0000000002DA8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 00000000.00000002.342422923.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000000.00000002.342422923.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000002.344302410.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 00000000.00000002.344302410.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000B.00000003.354409615.0000000002D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000B.00000003.354409615.0000000002D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000B.00000002.355868044.0000000002C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown |
Source: 0000000B.00000002.355868044.0000000002C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000B.00000002.355978031.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000B.00000002.355978031.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000B.00000002.355049753.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000B.00000002.355049753.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 00000000.00000003.320355730.0000000002D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 00000000.00000003.320355730.0000000002D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0000000B.00000002.356106077.0000000002E23000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown |
Source: 0000000E.00000002.826846421.00000000004D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Tofsee Author: ditekSHen |
Source: 0000000E.00000002.826846421.00000000004D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 Author: unknown |
Source: 0.3.file.exe.2d40000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.3.file.exe.2d40000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.file.exe.2d20e67.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.file.exe.2d20e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.qtcnnjjg.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.qtcnnjjg.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.qtcnnjjg.exe.2c40e67.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.qtcnnjjg.exe.2c40e67.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.qtcnnjjg.exe.2c40e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.qtcnnjjg.exe.2c40e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.qtcnnjjg.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.qtcnnjjg.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 14.2.svchost.exe.4d0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 14.2.svchost.exe.4d0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.qtcnnjjg.exe.2da0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.qtcnnjjg.exe.2da0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.file.exe.2d20e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.file.exe.2d20e67.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 14.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 14.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.3.qtcnnjjg.exe.2d40000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.3.qtcnnjjg.exe.2d40000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.3.qtcnnjjg.exe.2d40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.3.qtcnnjjg.exe.2d40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 11.2.qtcnnjjg.exe.2da0000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 11.2.qtcnnjjg.exe.2da0000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0.3.file.exe.2d40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0.3.file.exe.2d40000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000002.344749194.0000000002DA8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 00000000.00000002.342422923.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000000.00000002.342422923.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000002.344302410.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 00000000.00000002.344302410.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000B.00000003.354409615.0000000002D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000B.00000003.354409615.0000000002D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000B.00000002.355868044.0000000002C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23 |
Source: 0000000B.00000002.355868044.0000000002C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000B.00000002.355978031.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000B.00000002.355978031.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000B.00000002.355049753.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000B.00000002.355049753.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 00000000.00000003.320355730.0000000002D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 00000000.00000003.320355730.0000000002D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: 0000000B.00000002.356106077.0000000002E23000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12 |
Source: 0000000E.00000002.826846421.00000000004D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_Tofsee author = ditekSHen, description = Detects Tofsee |
Source: 0000000E.00000002.826846421.00000000004D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Tofsee_26124fe4 reference_sample = e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494, os = windows, severity = x86, creation_date = 2022-03-31, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Tofsee, fingerprint = dc7ada5c6341e98bc41182a5698527b1649c4e80924ba0405f1b94356f63ff31, id = 26124fe4-f2a1-4fc9-8155-585b581476de, last_modified = 2022-04-12 |
Source: unknown | Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\tsqtjgfo\ |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\qtcnnjjg.exe" C:\Windows\SysWOW64\tsqtjgfo\ |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" create tsqtjgfo binPath= "C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe /d\"C:\Users\user\Desktop\file.exe\"" type= own start= auto DisplayName= "wifi support |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" description tsqtjgfo "wifi internet conection |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start tsqtjgfo |
Source: C:\Windows\SysWOW64\sc.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe /d"C:\Users\user\Desktop\file.exe" |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul |
Source: C:\Windows\SysWOW64\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe | Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\tsqtjgfo\ |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\qtcnnjjg.exe" C:\Windows\SysWOW64\tsqtjgfo\ |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" create tsqtjgfo binPath= "C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe /d\"C:\Users\user\Desktop\file.exe\"" type= own start= auto DisplayName= "wifi support |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\sc.exe C:\Windows\System32\sc.exe" description tsqtjgfo "wifi internet conection |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" start tsqtjgfo |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul |
Source: C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe | Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
Source: C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe | Code function: 11_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 14_2_004D9A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
Source: C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe | Code function: 11_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 14_2_004D9A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,lstrlenA,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep, |