General
-
Target
db81d579f15211797c155f6b4b7c9eafc85f4aa91cffc4a29c13046f0b81c762
-
Size
218KB
-
Sample
220612-rbgt7aeccn
-
MD5
148f7fcde4e1bf6db1ff02c6dae2c81b
-
SHA1
c7922dfb7ad153ac9ec6d1a293e7f70c8760d5db
-
SHA256
db81d579f15211797c155f6b4b7c9eafc85f4aa91cffc4a29c13046f0b81c762
-
SHA512
4a542362cfbd9306d75020420c73d4f0ecfd7b91442b5802c92482ba8c2361b252efc6760444ca18ffecee3300c25abb0f7fa29f309136744f0b731cc922a5cd
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
db81d579f15211797c155f6b4b7c9eafc85f4aa91cffc4a29c13046f0b81c762
-
Size
218KB
-
MD5
148f7fcde4e1bf6db1ff02c6dae2c81b
-
SHA1
c7922dfb7ad153ac9ec6d1a293e7f70c8760d5db
-
SHA256
db81d579f15211797c155f6b4b7c9eafc85f4aa91cffc4a29c13046f0b81c762
-
SHA512
4a542362cfbd9306d75020420c73d4f0ecfd7b91442b5802c92482ba8c2361b252efc6760444ca18ffecee3300c25abb0f7fa29f309136744f0b731cc922a5cd
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-