tofsee | f8b84417b71a1e476b6195904ea2ca4007740d7de21540f25558efe5dcc1bda1 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

f8b84417b71a1e476b6195904ea2ca4007740d7de21540f25558efe5dcc1bda1
Size

154KB
Sample

210927-bfrbesfdcn
MD5

43821f948f1e4c990a805803a51050d6
SHA1

8b3704dbf59cafc8ab33902b6990907c2bb9b99a
SHA256

f8b84417b71a1e476b6195904ea2ca4007740d7de21540f25558efe5dcc1bda1
SHA512

e31e2b2841c7f0bb749a8594b7d98f68be3e03ab2ca04ebc095fbc36b5ccfac50cbf60938aa98a18630ec5c62282052bb89564f4e2448255e88bb62eb5df19e5

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

f8b84417b71a1e476b6195904ea2ca4007740d7de21540f25558efe5dcc1bda1.exe

Resource

win10-en-20210920

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f8b84417b71a1e476b6195904ea2ca4007740d7de21540f25558efe5dcc1bda1
- Size
  
  154KB
- MD5
  
  43821f948f1e4c990a805803a51050d6
- SHA1
  
  8b3704dbf59cafc8ab33902b6990907c2bb9b99a
- SHA256
  
  f8b84417b71a1e476b6195904ea2ca4007740d7de21540f25558efe5dcc1bda1
- SHA512
  
  e31e2b2841c7f0bb749a8594b7d98f68be3e03ab2ca04ebc095fbc36b5ccfac50cbf60938aa98a18630ec5c62282052bb89564f4e2448255e88bb62eb5df19e5
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy