tofsee | c25a8bd40cd1a3b511c971e412a1e3bbcca6419b74c4cf243524c73a81f59600 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

c25a8bd40cd1a3b511c971e412a1e3bbcca6419b74c4cf243524c73a81f59600
Size

202KB
Sample

211211-mla26sbcb9
MD5

01b9dc754ed0112ca8b5342acfc9f9b2
SHA1

46a8e0f1583b26d5e2122a475a879bbb5457d45c
SHA256

c25a8bd40cd1a3b511c971e412a1e3bbcca6419b74c4cf243524c73a81f59600
SHA512

196b404efc9bd6050c0e1ea60feaffecb2275d5846730706f69d719641e3ac09ddf311566b6285c5ce01b54e3fe5bf6a2d827034275ed032e2a56f53d6a2322e

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

c25a8bd40cd1a3b511c971e412a1e3bbcca6419b74c4cf243524c73a81f59600.exe

Resource

win10-en-20211208

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

mubrikych.top

oxxyfix.xyz

Targets

- Target
  
  c25a8bd40cd1a3b511c971e412a1e3bbcca6419b74c4cf243524c73a81f59600
- Size
  
  202KB
- MD5
  
  01b9dc754ed0112ca8b5342acfc9f9b2
- SHA1
  
  46a8e0f1583b26d5e2122a475a879bbb5457d45c
- SHA256
  
  c25a8bd40cd1a3b511c971e412a1e3bbcca6419b74c4cf243524c73a81f59600
- SHA512
  
  196b404efc9bd6050c0e1ea60feaffecb2275d5846730706f69d719641e3ac09ddf311566b6285c5ce01b54e3fe5bf6a2d827034275ed032e2a56f53d6a2322e
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy