Severity
High
Analysis Summary
Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and gather user data. The malware has the ability to download more modules to carry out different activities. It can track users’ online activities, steal personal information and credentials, and change browser and DNS settings. Tofsee can be distributed via email as attachments or by bundling it with other programs.
Impact
- Information Theft
- Credential Theft
- Crypto-Mining
Indicators of Compromise
MD5
- 41b7c786e226d7f14058a9bfd5fa70fe
- b465aca1131446d66d14a9e3eec76055
- 88c500b3eef202685e39502ccff22c54
- a1138247159f3dd8284b05ec3e2828f0
SHA-256
- 5c22293d8b269641ba16dd9bfc2f031b636ab856ea64125a9acb2da606f715c9
- 3b9d5867a1bb262e88b06023945449f78c65df8dd207f55c874382306694ffc8
- 151d77b828545660aef7e358ebbb223920dab5085a69b538b8146ff43cce9d16
- 9353140ff4d0b59c8109b1315353a167999c80b98ac6a69016410b76d60638b7
SHA-1
- 5e213f47ff3e25817dae44f212f60cb63f7614d9
- 30095dac8f3331dafeb80e091945fc0bed243ba8
- a56d9177d6c85c8ac22730e317471a9038e960b2
- d8c2d29ae4c581f7818f53f9193e3900e7939861
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.