<<< Hide Navigation Hide TOC >>>

TONERJAM (540b3e66-edbf-40ee-ae05-474b27c1ff40)

TONERJAM is a launcher that decrypts and executes a shellcode payload, in this case PHANTOMNET, stored as an encrypted local file and decrypts it using an AES key derived from a SHA hash of the final 16 bytes of the encrypted payload. TONERJAM maintains persistence via the Run registry key or by hijacking COM objects depending on the permissions granted to it upon execution.

Rows: 4

Loading extensions...

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Backdoor Threat Actor		Clear Backdoor Tool	Clear 1 2
UNC5330 (c5ea778c-df2f-4c63-b401-dded9cb2419c)	Threat Actor	TONERJAM (540b3e66-edbf-40ee-ae05-474b27c1ff40)	Tool	1
PHANTOMNET (f97ea150-a727-4d47-823a-41de07a43ea9)	Backdoor	TONERJAM (540b3e66-edbf-40ee-ae05-474b27c1ff40)	Tool	1
UNC5330 (c5ea778c-df2f-4c63-b401-dded9cb2419c)	Threat Actor	PHANTOMNET (f97ea150-a727-4d47-823a-41de07a43ea9)	Backdoor	2
UNC5330 (c5ea778c-df2f-4c63-b401-dded9cb2419c)	Threat Actor	GOST (c9f26173-ba82-4ed2-adbd-e2e07f582f31)	Tool	2