tofsee | cf76b458a0d294caf87cfc6d6c0f0269fe4d0b5a149c11933dc3f5897ef8bd64 | Triage

Submit
Reports

Overview

overview

Static

static

cf76b458a0...64.exe

windows7_x64

cf76b458a0...64.exe

windows10_x64

Sharing

General

Target

cf76b458a0d294caf87cfc6d6c0f0269fe4d0b5a149c11933dc3f5897ef8bd64
Size

13.7MB
Sample

210716-5rgn63v2x6
MD5

31f47d08ddb80472b7c66a253cabe6be
SHA1

fc694ea2c7afd8c8da90277310a6ab766954144e
SHA256

cf76b458a0d294caf87cfc6d6c0f0269fe4d0b5a149c11933dc3f5897ef8bd64
SHA512

8ee742756fdfd592b9504f73b7dc28cd06919d8c900a708b4a8b85ccb230de4a0e07f1469c0b52827fb5dc6982a47674f6ece249a8ec0669b378b4544d01cb4b

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

cf76b458a0d294caf87cfc6d6c0f0269fe4d0b5a149c11933dc3f5897ef8bd64.exe

Resource

win7v20210410

tofsee xmrig evasion miner persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cf76b458a0d294caf87cfc6d6c0f0269fe4d0b5a149c11933dc3f5897ef8bd64.exe

Resource

win10v20210408

tofsee evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cf76b458a0d294caf87cfc6d6c0f0269fe4d0b5a149c11933dc3f5897ef8bd64
- Size
  
  13.7MB
- MD5
  
  31f47d08ddb80472b7c66a253cabe6be
- SHA1
  
  fc694ea2c7afd8c8da90277310a6ab766954144e
- SHA256
  
  cf76b458a0d294caf87cfc6d6c0f0269fe4d0b5a149c11933dc3f5897ef8bd64
- SHA512
  
  8ee742756fdfd592b9504f73b7dc28cd06919d8c900a708b4a8b85ccb230de4a0e07f1469c0b52827fb5dc6982a47674f6ece249a8ec0669b378b4544d01cb4b
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

behavioral2

tofseeevasionpersistencetrojan

© 2018-2024

Terms | Privacy