General
-
Target
supvobl.exe
-
Size
12.5MB
-
Sample
200510-dz18eg1lgs
-
MD5
be286c784044379ca9a6ca6e7211a29f
-
SHA1
bf8010a0e4b7ae88095bd9ee303707f4c0da549e
-
SHA256
d05cd710559cb6a23a84f44bfe88b91582862c7d70134cf71807ae0c49964993
-
SHA512
862e1beffa2cd58cd606a9edf2be79a03ca4a93f2edd6528e91eed2f68ad889e2e76dd43f164cd8f7eb02567504cbcf9581f730177f841a3e5a0298b48674b13
Malware Config
Targets
-
-
Target
supvobl.exe
-
Size
12.5MB
-
MD5
be286c784044379ca9a6ca6e7211a29f
-
SHA1
bf8010a0e4b7ae88095bd9ee303707f4c0da549e
-
SHA256
d05cd710559cb6a23a84f44bfe88b91582862c7d70134cf71807ae0c49964993
-
SHA512
862e1beffa2cd58cd606a9edf2be79a03ca4a93f2edd6528e91eed2f68ad889e2e76dd43f164cd8f7eb02567504cbcf9581f730177f841a3e5a0298b48674b13
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Modifies service
-
Suspicious use of SetThreadContext
-