tofsee | e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b
Size

309KB
Sample

220619-aaj5gseff9
MD5

9a04e30c4df2820e9d40a3c2b0f39b1f
SHA1

c6129fd781470864596e2a5c984750c11974ffdc
SHA256

e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b
SHA512

b32d9d517625dfdba0c4f4611ba0dcd79e254ac1cc34bd0443ddc5a966427ee11a3b3b5cfdaf31e8efc66443c65db4f89a3ecb936341bdf667bbc3a9389955fd

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b.exe

Resource

win10-20220414-en

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b
- Size
  
  309KB
- MD5
  
  9a04e30c4df2820e9d40a3c2b0f39b1f
- SHA1
  
  c6129fd781470864596e2a5c984750c11974ffdc
- SHA256
  
  e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b
- SHA512
  
  b32d9d517625dfdba0c4f4611ba0dcd79e254ac1cc34bd0443ddc5a966427ee11a3b3b5cfdaf31e8efc66443c65db4f89a3ecb936341bdf667bbc3a9389955fd
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy