General
-
Target
c1570779131fd8052e927602b95100fc5fd4d97ae4b124b61abc449f46e5b602
-
Size
199KB
-
Sample
220613-ryqevaggcr
-
MD5
47820905cd980ea036882ec66e2b8252
-
SHA1
3d7d0d3def438459f54810fd90ed3473f73cc6fb
-
SHA256
c1570779131fd8052e927602b95100fc5fd4d97ae4b124b61abc449f46e5b602
-
SHA512
a0d9ccbbb078f9bb95356ac8fb990b6b3bbc815d7d48ea21004de61b1d0e7a1902c1e2d9e12c198282f933795a24e8bb6403306aa0221b591fb98eb1a96f06b3
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
c1570779131fd8052e927602b95100fc5fd4d97ae4b124b61abc449f46e5b602
-
Size
199KB
-
MD5
47820905cd980ea036882ec66e2b8252
-
SHA1
3d7d0d3def438459f54810fd90ed3473f73cc6fb
-
SHA256
c1570779131fd8052e927602b95100fc5fd4d97ae4b124b61abc449f46e5b602
-
SHA512
a0d9ccbbb078f9bb95356ac8fb990b6b3bbc815d7d48ea21004de61b1d0e7a1902c1e2d9e12c198282f933795a24e8bb6403306aa0221b591fb98eb1a96f06b3
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-