tofsee | 0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2
Size

315KB
Sample

211127-kwhtnahgcn
MD5

ac7988f4e59d807f41a4a2163538fd46
SHA1

ab29b1ea7a76e8c9dfb61a8827e3c617416df95f
SHA256

0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2
SHA512

cd9441be653eac1eb54647abbca76162abdf2618b44ded7b710e9a5fb5af5a1f4bb221f1e85e4ede43c66ea60e0a82d2ce627414b93f731478f9c5fff2cf5130

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2.exe

Resource

win10-en-20211104

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

quadoil.ru

lakeflex.ru

Targets

- Target
  
  0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2
- Size
  
  315KB
- MD5
  
  ac7988f4e59d807f41a4a2163538fd46
- SHA1
  
  ab29b1ea7a76e8c9dfb61a8827e3c617416df95f
- SHA256
  
  0428125808208688f048820edba8be134d27861b5af8e8af6a178a88846cdde2
- SHA512
  
  cd9441be653eac1eb54647abbca76162abdf2618b44ded7b710e9a5fb5af5a1f4bb221f1e85e4ede43c66ea60e0a82d2ce627414b93f731478f9c5fff2cf5130
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy