f0ad2d31776715ecfcb4b4fda968cab8c8ac875f530bf5ff199b82c147f861b8

General
Target

f0ad2d31776715ecfcb4b4fda968cab8c8ac875f530bf5ff199b82c147f861b8

Size

164KB

Sample

210926-p8v2zaegeq

Score
10 /10
MD5

bd7bd7a952e266a38fda3a94ed6e9e32

SHA1

4a97b8a2b2039cb881e3a593572dae987c1eece1

SHA256

f0ad2d31776715ecfcb4b4fda968cab8c8ac875f530bf5ff199b82c147f861b8

SHA512

2972fb78e5574d447446aba5590aee8938f30dd8a85d9d6baf520de66379f95db5e885a21e35fff00e0d441091788cb8301ab26c69db87a3e6a1fbc7c342968f

Malware Config
Targets
Target

f0ad2d31776715ecfcb4b4fda968cab8c8ac875f530bf5ff199b82c147f861b8

MD5

bd7bd7a952e266a38fda3a94ed6e9e32

Filesize

164KB

Score
10 /10
SHA1

4a97b8a2b2039cb881e3a593572dae987c1eece1

SHA256

f0ad2d31776715ecfcb4b4fda968cab8c8ac875f530bf5ff199b82c147f861b8

SHA512

2972fb78e5574d447446aba5590aee8938f30dd8a85d9d6baf520de66379f95db5e885a21e35fff00e0d441091788cb8301ab26c69db87a3e6a1fbc7c342968f

Tags

Signatures

  • Tofsee

    Description

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    Tags

  • Windows security bypass

    Tags

    TTPs

    Disabling Security Tools Modify Registry
  • xmrig

    Description

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    Tags

  • XMRig Miner Payload

    Tags

  • Creates new service(s)

    Tags

    TTPs

    New Service
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Sets service image path in registry

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Deletes itself

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1