tofsee | a4ce0264f0ce6dc38a8a77eb3325743bec58a6979da97c86d806c0c0a0838d86 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

a4ce0264f0ce6dc38a8a77eb3325743bec58a6979da97c86d806c0c0a0838d86
Size

255KB
Sample

220122-f4k7jahgd6
MD5

2164d11ac4bece1ee6b8b27439067db1
SHA1

5640beeddf1ffeef5cf9e92ad09f83eb5ebd3ce0
SHA256

a4ce0264f0ce6dc38a8a77eb3325743bec58a6979da97c86d806c0c0a0838d86
SHA512

a64c180affb82fb76d95bde7f5be53fd659313238f9e6b533c5fd69e62fac37f0a0e0c2a94bc043f9eafb544da0213a5b37b8d31b5b3795953ebdab28ff0ce89

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

a4ce0264f0ce6dc38a8a77eb3325743bec58a6979da97c86d806c0c0a0838d86.exe

Resource

win10-en-20211208

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

patmushta.info

ovicrush.cn

Targets

- Target
  
  a4ce0264f0ce6dc38a8a77eb3325743bec58a6979da97c86d806c0c0a0838d86
- Size
  
  255KB
- MD5
  
  2164d11ac4bece1ee6b8b27439067db1
- SHA1
  
  5640beeddf1ffeef5cf9e92ad09f83eb5ebd3ce0
- SHA256
  
  a4ce0264f0ce6dc38a8a77eb3325743bec58a6979da97c86d806c0c0a0838d86
- SHA512
  
  a64c180affb82fb76d95bde7f5be53fd659313238f9e6b533c5fd69e62fac37f0a0e0c2a94bc043f9eafb544da0213a5b37b8d31b5b3795953ebdab28ff0ce89
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy