tofsee | 5ecb07f30469b708f0dddbfe8ae64b12fa9e7bb8ac12c1e39c8a5b60b913b125 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

5ecb07f30469b708f0dddbfe8ae64b12fa9e7bb8ac12c1e39c8a5b60b913b125
Size

262KB
Sample

220606-lgezwsbdek
MD5

b238397190cef77889f56f811f88d8eb
SHA1

2621a4fa22254ab5c18fd62f2e909627781f32d5
SHA256

5ecb07f30469b708f0dddbfe8ae64b12fa9e7bb8ac12c1e39c8a5b60b913b125
SHA512

c62d9ad34d4c4b665d3d4201fc4a99b8cf8a83ef50855cdfc8f32c57bbd4cf67ff4517edfe39f013392e5a2563e41c9e79e1df8867c95fda664c8c8bc0cfc411

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

5ecb07f30469b708f0dddbfe8ae64b12fa9e7bb8ac12c1e39c8a5b60b913b125.exe

Resource

win10-20220414-en

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  5ecb07f30469b708f0dddbfe8ae64b12fa9e7bb8ac12c1e39c8a5b60b913b125
- Size
  
  262KB
- MD5
  
  b238397190cef77889f56f811f88d8eb
- SHA1
  
  2621a4fa22254ab5c18fd62f2e909627781f32d5
- SHA256
  
  5ecb07f30469b708f0dddbfe8ae64b12fa9e7bb8ac12c1e39c8a5b60b913b125
- SHA512
  
  c62d9ad34d4c4b665d3d4201fc4a99b8cf8a83ef50855cdfc8f32c57bbd4cf67ff4517edfe39f013392e5a2563e41c9e79e1df8867c95fda664c8c8bc0cfc411
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy