tofsee | 287e002bf329ee3f6ec1230b485c5f031d91dd390e5a6e9052d523a7dd5dc3bc | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

287e002bf329ee3f6ec1230b485c5f031d91dd390e5a6e9052d523a7dd5dc3bc
Size

177KB
Sample

211126-tv8hcsddfn
MD5

97bc4f010461e0fc785ac95d30924b98
SHA1

dd69f99df6d60fef9823413dd803894134a756f0
SHA256

287e002bf329ee3f6ec1230b485c5f031d91dd390e5a6e9052d523a7dd5dc3bc
SHA512

38692893660a36879146a064b0a32730977bd13f71a4a887ff203840f2cb6a5fd360ccce59499286508b7e3c123c7fb87702ba3755e8d664310b1d86c8be7660

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

287e002bf329ee3f6ec1230b485c5f031d91dd390e5a6e9052d523a7dd5dc3bc.exe

Resource

win10-en-20211104

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

quadoil.ru

lakeflex.ru

Targets

- Target
  
  287e002bf329ee3f6ec1230b485c5f031d91dd390e5a6e9052d523a7dd5dc3bc
- Size
  
  177KB
- MD5
  
  97bc4f010461e0fc785ac95d30924b98
- SHA1
  
  dd69f99df6d60fef9823413dd803894134a756f0
- SHA256
  
  287e002bf329ee3f6ec1230b485c5f031d91dd390e5a6e9052d523a7dd5dc3bc
- SHA512
  
  38692893660a36879146a064b0a32730977bd13f71a4a887ff203840f2cb6a5fd360ccce59499286508b7e3c123c7fb87702ba3755e8d664310b1d86c8be7660
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy