Overview

overview

10

Static

static

67028aabe2...6c.exe

windows7_x64

10

67028aabe2...6c.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    67028aabe2cfc93bb2bd427180e69608028b0dc1643cad2b09b92e710feb826c

  • Size

    12.2MB

  • Sample

    210516-rgm2edbd1n

  • MD5

    c62316dbc00c3d7f84e4d54beea3682a

  • SHA1

    f806b1f9dd693dcfa82de9aaf6dc329e0db0b89c

  • SHA256

    67028aabe2cfc93bb2bd427180e69608028b0dc1643cad2b09b92e710feb826c

  • SHA512

    938cbe781cd4f98c197b546c21f73840f3b23cfe7ca890e340f84f03cce46993506d180a8977dd4e02aa7d2ab8890d135151c1450b27f2504a5840a041121cab

Score
10/10
tofseexmrigevasionminerpersistencetrojan

Malware Config

Targets

    • Target

      67028aabe2cfc93bb2bd427180e69608028b0dc1643cad2b09b92e710feb826c

    • Size

      12.2MB

    • MD5

      c62316dbc00c3d7f84e4d54beea3682a

    • SHA1

      f806b1f9dd693dcfa82de9aaf6dc329e0db0b89c

    • SHA256

      67028aabe2cfc93bb2bd427180e69608028b0dc1643cad2b09b92e710feb826c

    • SHA512

      938cbe781cd4f98c197b546c21f73840f3b23cfe7ca890e340f84f03cce46993506d180a8977dd4e02aa7d2ab8890d135151c1450b27f2504a5840a041121cab

    Score
    10/10
    tofseexmrigevasionminerpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Windows security bypass

      evasiontrojan

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Creates new service(s)

      persistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks