General
-
Target
fbc9e84fb81152a95566bd66ede967f1d692510af8f7f924f0efe3b8ae14716c
-
Size
13.4MB
-
Sample
210511-jh5ey3edws
-
MD5
eae2de97ac74226b034dbfbf1f14c381
-
SHA1
befe1909f932e5ac0ff26a67057dab71d016d18f
-
SHA256
fbc9e84fb81152a95566bd66ede967f1d692510af8f7f924f0efe3b8ae14716c
-
SHA512
89da3a276cc3376c441cb06a3a005a4dbfdda8b00e411ec3adf5ea067cc0a0a34bcf319a32c45a56a44ba76a5fca0d0d581133477e9d543289a4668d26bfe8ec
Malware Config
Targets
-
-
Target
fbc9e84fb81152a95566bd66ede967f1d692510af8f7f924f0efe3b8ae14716c
-
Size
13.4MB
-
MD5
eae2de97ac74226b034dbfbf1f14c381
-
SHA1
befe1909f932e5ac0ff26a67057dab71d016d18f
-
SHA256
fbc9e84fb81152a95566bd66ede967f1d692510af8f7f924f0efe3b8ae14716c
-
SHA512
89da3a276cc3376c441cb06a3a005a4dbfdda8b00e411ec3adf5ea067cc0a0a34bcf319a32c45a56a44ba76a5fca0d0d581133477e9d543289a4668d26bfe8ec
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-