TONESHELL

Description

(Trend Micro) The TONESHELL malware is the main backdoor used in this campaign. It is a shellcode loader that loads and decodes the backdoor shellcode with a 32-byte key in memory. The earlier version of TONESHELL had the capabilities of the TONEINS malware, including establishing persistence and installing backdoors. However, the more recent version of TONESHELL is a standalone backdoor without any installer capabilities (such as the file ~$Talk points.docx). It is also obfuscated in a similar fashion to the TONEINS malware, indicating that the actors continue to update their arsenal and separate the tools in order to bypass detection.

Names

Name: TONESHELL

Category: Malware

Type:

  • Backdoor

Information

Malpedia

Other Information

Uuid: 3bc9fc28-dd20-43a8-a503-e09005df86c7

Last Card Change: 2023-06-22