tofsee | 2bf4ef082121003e7e9e9ff018dc5a4690538598366543223a9ed5557a9d867e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

2bf4ef082121003e7e9e9ff018dc5a4690538598366543223a9ed5557a9d867e
Size

299KB
Sample

220619-ftrlkadahk
MD5

c65453888ba36756943894d3282563fc
SHA1

130a0daff88260539c16d66049efb9f0f40e019d
SHA256

2bf4ef082121003e7e9e9ff018dc5a4690538598366543223a9ed5557a9d867e
SHA512

e334ddfd4e070ed320d0352335519e52a1155e49d748571123d4be2ac6d944d5a503d43ea64445e21a5e6191256beb553d3c7f0b07cb73a6944778b8cf8d874b

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

2bf4ef082121003e7e9e9ff018dc5a4690538598366543223a9ed5557a9d867e.exe

Resource

win10-20220414-en

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  2bf4ef082121003e7e9e9ff018dc5a4690538598366543223a9ed5557a9d867e
- Size
  
  299KB
- MD5
  
  c65453888ba36756943894d3282563fc
- SHA1
  
  130a0daff88260539c16d66049efb9f0f40e019d
- SHA256
  
  2bf4ef082121003e7e9e9ff018dc5a4690538598366543223a9ed5557a9d867e
- SHA512
  
  e334ddfd4e070ed320d0352335519e52a1155e49d748571123d4be2ac6d944d5a503d43ea64445e21a5e6191256beb553d3c7f0b07cb73a6944778b8cf8d874b
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy