General
-
Target
52d45afb116606dc566614e7daa58ccf1f4e21500906376badcf8d0ce65b000c
-
Size
299KB
-
Sample
220619-lppt3agea8
-
MD5
5b6d239ead4b06328042cd51727378d5
-
SHA1
198be143268957562015a935bd3fbe658bb23670
-
SHA256
52d45afb116606dc566614e7daa58ccf1f4e21500906376badcf8d0ce65b000c
-
SHA512
33e8f75a7c2935e97cf89a2805a902d84bbaf9b30dc182bc5000ca47e1e205c2229fb97b83e9afef449b0ff0b1a7e3e2e1268ed62b81315174cbafc5d6905e7d
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
52d45afb116606dc566614e7daa58ccf1f4e21500906376badcf8d0ce65b000c
-
Size
299KB
-
MD5
5b6d239ead4b06328042cd51727378d5
-
SHA1
198be143268957562015a935bd3fbe658bb23670
-
SHA256
52d45afb116606dc566614e7daa58ccf1f4e21500906376badcf8d0ce65b000c
-
SHA512
33e8f75a7c2935e97cf89a2805a902d84bbaf9b30dc182bc5000ca47e1e205c2229fb97b83e9afef449b0ff0b1a7e3e2e1268ed62b81315174cbafc5d6905e7d
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-