Severity
High
Analysis Summary
Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and gather user data. The malware has the ability to download more modules to carry out different activities. It can track users’ online activities, steal personal information and credentials, and change browser and DNS settings. Tofsee can be distributed via email as attachments or by bundling it with other programs. This malware can cause major damage, such as financial loss and computer infections. It is used by cybercriminals to generate as much revenue as possible. The program is likely to install unintentionally, causing a slew of issues for both the system and other users.
Impact
- Information Theft
- Credential Theft
- Crypto-Mining
Indicators of Compromise
MD5
- bcb46340c910325e7b8ee7d01b39cb68
- 80656ff08f9993c221f10177cc319c35
- df3c4d9f8dbc52d178fc1449f4848876
- ff3cc587a7b561716d7f4b4c514da015
- 5994ce91e434fd8d1d97a23592d91ece
SHA-256
- c7ea14d01673a4496c233ccc1d657aec42a38a9633293c3334df337fe248a0b1
- 9976231a200e4162119fc7de89d21dc0210f0849f51456f0af6bd71d25e89a51
- 09bf31bc7fb32395055415c9c3fef9f834d536c9e7e702450833719f67d0950c
- 4b06a5e5adae21bc53c1f20f3e2408a7fd2986cbace14984f08e985a25f78489
- fee1b2f9696f39017002d8a6ff1c35172832bee32d8d8aa2b53603b368254f5f
SHA-1
- e6e5a47af023d1ec68292357c77129c6458fc463
- 46990317475e0e4c666f77e74e41a6c21ff91b94
- e1520f96318bc82f78d96fd9112c49508511f181
- 300ad03b23a25ae79955e8fc9e7d622d98ec6beb
- 4f70fc79feb3b67adb7fb506911f5c41f941a375
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.