TSCookie (a71ed71f-b8f4-416d-9c57-910a42e59430)

TSCookie itself serves only as a downloader. It expands its functionality by downloading modules from C&C servers. The sample that was examined downloaded a DLL file that has an exfiltration function, among many others (hereafter “TSCookieRAT”). Downloaded modules run only in memory.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| PLEAD (Windows) (43a56ed7-8092-4b36-998c-349b02b3bd0d) | Malpedia | TSCookie (a71ed71f-b8f4-416d-9c57-910a42e59430) | Tool | 1 |
| TSCookie (a71ed71f-b8f4-416d-9c57-910a42e59430) | Tool | TSCookie (592f7cc6-1e07-4d83-8082-aef027e9f1e2) | Malpedia | 1 |
| TSCookie (a71ed71f-b8f4-416d-9c57-910a42e59430) | Tool | PLEAD (d1482c9e-6af3-11e8-aa8e-279274bd10c7) | Tool | 1 |
| PLEAD (Windows) (43a56ed7-8092-4b36-998c-349b02b3bd0d) | Malpedia | PLEAD (d1482c9e-6af3-11e8-aa8e-279274bd10c7) | Tool | 2 |