Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    373ae2c99ce966edb79fc677a42640b6356ecbbf7cf8e02e8b6290f305e5d011

  • Size

    196KB

  • Sample

    220604-cydcysabbj

  • MD5

    b7c45763c069df96f6351ebc8935351e

  • SHA1

    a64d00abbc12d0178662465a8092d7ba2b88b369

  • SHA256

    373ae2c99ce966edb79fc677a42640b6356ecbbf7cf8e02e8b6290f305e5d011

  • SHA512

    eec1d6d256554b85f8c1d1187c608d628d9caf4c827349f24f3b37f7c49bc58bbdaf7ac4e6847e6ca0393b643e74c1870e6c3313dbf774298a926d6612de1604

Score
10/10
tofseexmrigevasionminerpersistencetrojan

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

    • Target

      373ae2c99ce966edb79fc677a42640b6356ecbbf7cf8e02e8b6290f305e5d011

    • Size

      196KB

    • MD5

      b7c45763c069df96f6351ebc8935351e

    • SHA1

      a64d00abbc12d0178662465a8092d7ba2b88b369

    • SHA256

      373ae2c99ce966edb79fc677a42640b6356ecbbf7cf8e02e8b6290f305e5d011

    • SHA512

      eec1d6d256554b85f8c1d1187c608d628d9caf4c827349f24f3b37f7c49bc58bbdaf7ac4e6847e6ca0393b643e74c1870e6c3313dbf774298a926d6612de1604

    Score
    10/10
    tofseexmrigevasionminerpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner Payload

      miner

    • Creates new service(s)

      persistence

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks