tofsee | 610ee49914c48864ef518cd6511280d4723f8ed717b239e325bb05fca41b1be9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

610ee49914c48864ef518cd6511280d4723f8ed717b239e325bb05fca41b1be9
Size

327KB
Sample

220121-g83stadhcp
MD5

4a1bfae4cf1a7e216f0f3eabc335e742
SHA1

0cb0ba6b2425caf4b655ee59ead504e1b8f86b1f
SHA256

610ee49914c48864ef518cd6511280d4723f8ed717b239e325bb05fca41b1be9
SHA512

4cb5b51ef242eee2157292497198aa646631cd3dfe9f98b18f975f0e8fa9cacbd8f5057f3b56cd2a43f3bc7d0a29b2e259aaa645a00561112941f4007a8ea015

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

610ee49914c48864ef518cd6511280d4723f8ed717b239e325bb05fca41b1be9.exe

Resource

win10-en-20211208

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

patmushta.info

ovicrush.cn

Targets

- Target
  
  610ee49914c48864ef518cd6511280d4723f8ed717b239e325bb05fca41b1be9
- Size
  
  327KB
- MD5
  
  4a1bfae4cf1a7e216f0f3eabc335e742
- SHA1
  
  0cb0ba6b2425caf4b655ee59ead504e1b8f86b1f
- SHA256
  
  610ee49914c48864ef518cd6511280d4723f8ed717b239e325bb05fca41b1be9
- SHA512
  
  4cb5b51ef242eee2157292497198aa646631cd3dfe9f98b18f975f0e8fa9cacbd8f5057f3b56cd2a43f3bc7d0a29b2e259aaa645a00561112941f4007a8ea015
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy