tofsee | 30f34e11d0cc3ea3aaa86bf43fcc1f93d3bd0b7bfb101b6c4b4180217261874c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

30f34e11d0cc3ea3aaa86bf43fcc1f93d3bd0b7bfb101b6c4b4180217261874c
Size

164KB
Sample

210926-mzwk2aefh9
MD5

2bb1fbbbed9cc4fadfa75a080379f3fb
SHA1

32c784d175b2c892686d79ef500b3d6a7e286dc9
SHA256

30f34e11d0cc3ea3aaa86bf43fcc1f93d3bd0b7bfb101b6c4b4180217261874c
SHA512

35a409fe79641ad6deeab7176785fb0db9393250fb20f971de0e8ece15dbf20bb36e5593a4b9da0ca1c6c893193aa1a0f160f40c27205dbbbe4dc8bd77d3f409

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

30f34e11d0cc3ea3aaa86bf43fcc1f93d3bd0b7bfb101b6c4b4180217261874c.exe

Resource

win10-en-20210920

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  30f34e11d0cc3ea3aaa86bf43fcc1f93d3bd0b7bfb101b6c4b4180217261874c
- Size
  
  164KB
- MD5
  
  2bb1fbbbed9cc4fadfa75a080379f3fb
- SHA1
  
  32c784d175b2c892686d79ef500b3d6a7e286dc9
- SHA256
  
  30f34e11d0cc3ea3aaa86bf43fcc1f93d3bd0b7bfb101b6c4b4180217261874c
- SHA512
  
  35a409fe79641ad6deeab7176785fb0db9393250fb20f971de0e8ece15dbf20bb36e5593a4b9da0ca1c6c893193aa1a0f160f40c27205dbbbe4dc8bd77d3f409
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy