Gheg (ca11e3f2-cda1-45dc-bed1-8708fa9e27a6)
Tofsee, also known as Gheg, is another botnet analyzed by CERT Polska. Its main job is to send spam, but it is able to do other tasks as well. It is possible thanks to the modular design of this malware – it consists of the main binary (the one user downloads and infects with), which later downloads several additional modules from the C2 server – they modify code by overwriting some of the called functions with their own. An example of some actions these modules perform is spreading by posting click-bait messages on Facebook and VKontakte (Russian social network).
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Tofsee (53e617fc-d71e-437b-a1a1-68b815d1ff49) | Malpedia | Gheg (ca11e3f2-cda1-45dc-bed1-8708fa9e27a6) | Botnet | 1 |