tofsee | 24f598bda9c42f79ad61fbe66a4d52c815a1b1c613f626bd34df07c4de8584b8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

24f598bda9c42f79ad61fbe66a4d52c815a1b1c613f626bd34df07c4de8584b8
Size

249KB
Sample

220123-gawlvafagl
MD5

456487527bafc78d7164633c1cfc3d90
SHA1

34f2e95fcae0f60736fe77609e987c7a6a858df0
SHA256

24f598bda9c42f79ad61fbe66a4d52c815a1b1c613f626bd34df07c4de8584b8
SHA512

1da0262881bc863af94d968dbf0ddba14786d7a27fe4568bc9e5fbbf65629999c0fda40397bb80801cba64983a905bbec3d999954176e857b4596d7e4aceee29

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

24f598bda9c42f79ad61fbe66a4d52c815a1b1c613f626bd34df07c4de8584b8.exe

Resource

win10-en-20211208

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

patmushta.info

ovicrush.cn

Targets

- Target
  
  24f598bda9c42f79ad61fbe66a4d52c815a1b1c613f626bd34df07c4de8584b8
- Size
  
  249KB
- MD5
  
  456487527bafc78d7164633c1cfc3d90
- SHA1
  
  34f2e95fcae0f60736fe77609e987c7a6a858df0
- SHA256
  
  24f598bda9c42f79ad61fbe66a4d52c815a1b1c613f626bd34df07c4de8584b8
- SHA512
  
  1da0262881bc863af94d968dbf0ddba14786d7a27fe4568bc9e5fbbf65629999c0fda40397bb80801cba64983a905bbec3d999954176e857b4596d7e4aceee29
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy