tofsee | f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c
Size

295KB
Sample

211125-tsrrtsfgbp
MD5

75297b62bc49e2e03e350466349c4736
SHA1

f7c2f9140746f35cb9a310b18d5c2a82dd1d566a
SHA256

f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c
SHA512

73855d458ba87d26cec322a4522b2566018f763826f10d82c8b5646947f35e0d8b62cf71baf152e0eaeee9522c7e279538975c0d84f461e93e470d8aa4ba0aab

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c.exe

Resource

win10-en-20211014

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

quadoil.ru

lakeflex.ru

Targets

- Target
  
  f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c
- Size
  
  295KB
- MD5
  
  75297b62bc49e2e03e350466349c4736
- SHA1
  
  f7c2f9140746f35cb9a310b18d5c2a82dd1d566a
- SHA256
  
  f27da59d0c8e19b30e94dd80adf5b6e981adcd85b74ba230ae74fccabda56b3c
- SHA512
  
  73855d458ba87d26cec322a4522b2566018f763826f10d82c8b5646947f35e0d8b62cf71baf152e0eaeee9522c7e279538975c0d84f461e93e470d8aa4ba0aab
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy