tofsee | e95194ae1e3182873132379ee2e32da6625c97ec50b7a92901d64bb0d4637164 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

e95194ae1e3182873132379ee2e32da6625c97ec50b7a92901d64bb0d4637164
Size

264KB
Sample

220606-dts4aaabel
MD5

075f14a07e17015cf2a0285518ada2ce
SHA1

84838c6d139928e3c9778a9678e63df111786de0
SHA256

e95194ae1e3182873132379ee2e32da6625c97ec50b7a92901d64bb0d4637164
SHA512

8ec5c0f6236d59a0a971a3c7d0dda4dbd000497df0b69cfde0976c19d305f77da60f3b3ed1a9926a544b19cf7d38d2de833918306dc11a05171e0721e7abdf89

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

e95194ae1e3182873132379ee2e32da6625c97ec50b7a92901d64bb0d4637164.exe

Resource

win10-20220414-en

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  e95194ae1e3182873132379ee2e32da6625c97ec50b7a92901d64bb0d4637164
- Size
  
  264KB
- MD5
  
  075f14a07e17015cf2a0285518ada2ce
- SHA1
  
  84838c6d139928e3c9778a9678e63df111786de0
- SHA256
  
  e95194ae1e3182873132379ee2e32da6625c97ec50b7a92901d64bb0d4637164
- SHA512
  
  8ec5c0f6236d59a0a971a3c7d0dda4dbd000497df0b69cfde0976c19d305f77da60f3b3ed1a9926a544b19cf7d38d2de833918306dc11a05171e0721e7abdf89
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy