tofsee | 2cd6a8c3f5d0d58e30ec39a6343eddc7cbd86ee00b8ccb3b8de51683e0c411d5 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

2cd6a8c3f5d0d58e30ec39a6343eddc7cbd86ee00b8ccb3b8de51683e0c411d5
Size

154KB
Sample

210926-ztbd5afcdr
MD5

c782296b3f9a63691d54252f4b0daa4c
SHA1

b633d722bbdde0526469c1032fab16f31a368b72
SHA256

2cd6a8c3f5d0d58e30ec39a6343eddc7cbd86ee00b8ccb3b8de51683e0c411d5
SHA512

ea04bd7bed35738efa5277e35cc6f6f3a31a6d0fcc7939d792d7314fa6df08ed7358077f4de9465555de4e9d9b3fb0692055b4c34538a28ca3bc71b0c35856ad

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

2cd6a8c3f5d0d58e30ec39a6343eddc7cbd86ee00b8ccb3b8de51683e0c411d5.exe

Resource

win10-en-20210920

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2cd6a8c3f5d0d58e30ec39a6343eddc7cbd86ee00b8ccb3b8de51683e0c411d5
- Size
  
  154KB
- MD5
  
  c782296b3f9a63691d54252f4b0daa4c
- SHA1
  
  b633d722bbdde0526469c1032fab16f31a368b72
- SHA256
  
  2cd6a8c3f5d0d58e30ec39a6343eddc7cbd86ee00b8ccb3b8de51683e0c411d5
- SHA512
  
  ea04bd7bed35738efa5277e35cc6f6f3a31a6d0fcc7939d792d7314fa6df08ed7358077f4de9465555de4e9d9b3fb0692055b4c34538a28ca3bc71b0c35856ad
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy