tofsee | 96232834d8461762244339e7d091df62d4c4d8e7d292f9be44586923e06b422a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

96232834d8461762244339e7d091df62d4c4d8e7d292f9be44586923e06b422a
Size

235KB
Sample

211210-wqwzwahdb8
MD5

d30d640dcb97296b95d1072657f01f62
SHA1

72c89c2960623c1a610f8c80b2c6a594aa508f70
SHA256

96232834d8461762244339e7d091df62d4c4d8e7d292f9be44586923e06b422a
SHA512

9658901fea3d10ed197046e469d84147c7362443ea812d46e156a21a2528fbcbf643499a80b5cb6aa4ab3873009f459996db181b3880556f5521dfceb02fbe78

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

96232834d8461762244339e7d091df62d4c4d8e7d292f9be44586923e06b422a.exe

Resource

win10-en-20211208

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

mubrikych.top

oxxyfix.xyz

Targets

- Target
  
  96232834d8461762244339e7d091df62d4c4d8e7d292f9be44586923e06b422a
- Size
  
  235KB
- MD5
  
  d30d640dcb97296b95d1072657f01f62
- SHA1
  
  72c89c2960623c1a610f8c80b2c6a594aa508f70
- SHA256
  
  96232834d8461762244339e7d091df62d4c4d8e7d292f9be44586923e06b422a
- SHA512
  
  9658901fea3d10ed197046e469d84147c7362443ea812d46e156a21a2528fbcbf643499a80b5cb6aa4ab3873009f459996db181b3880556f5521dfceb02fbe78
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy