tofsee | 086772dd77b6f010449cfea5f6106be3873eff9e65550b590a0358d8bffcd2b1 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

086772dd77b6f010449cfea5f6106be3873eff9e65550b590a0358d8bffcd2b1
Size

209KB
Sample

220613-z9ndmafah8
MD5

c685b41f84097e1f2db12c7287272e12
SHA1

893a99ce4edfe0b8435f744453c69742f2955e98
SHA256

086772dd77b6f010449cfea5f6106be3873eff9e65550b590a0358d8bffcd2b1
SHA512

01f9d7a64f098ba4d689fe6cc94e1c2ce0b5f20cc51936d3da1e95981c27e1a26e5544d214ad233397a89730df0c74f06ef7bdf6ab4032fecc4aaed9d6f7e37d

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

086772dd77b6f010449cfea5f6106be3873eff9e65550b590a0358d8bffcd2b1.exe

Resource

win10-20220414-en

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  086772dd77b6f010449cfea5f6106be3873eff9e65550b590a0358d8bffcd2b1
- Size
  
  209KB
- MD5
  
  c685b41f84097e1f2db12c7287272e12
- SHA1
  
  893a99ce4edfe0b8435f744453c69742f2955e98
- SHA256
  
  086772dd77b6f010449cfea5f6106be3873eff9e65550b590a0358d8bffcd2b1
- SHA512
  
  01f9d7a64f098ba4d689fe6cc94e1c2ce0b5f20cc51936d3da1e95981c27e1a26e5544d214ad233397a89730df0c74f06ef7bdf6ab4032fecc4aaed9d6f7e37d
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy