tofsee | d2a15317f29231934ec3f48e53e54a037436bbeed094f91b372e92f445e7efcc | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

d2a15317f29231934ec3f48e53e54a037436bbeed094f91b372e92f445e7efcc
Size

299KB
Sample

220619-m6e7maebep
MD5

97b5cd3c1f12cffc1ce3c6212d6709f6
SHA1

d5b5910a7c0418983fe58b256f59c09b99b803a2
SHA256

d2a15317f29231934ec3f48e53e54a037436bbeed094f91b372e92f445e7efcc
SHA512

a20e7d90180bda7f6cc1eedfe5d5f21057effeab11a8d894a7ac34c3b572780a595a166dd5dee6816fbfb4910bbb95d1107262d352cda7174447fd3f36363f12

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

d2a15317f29231934ec3f48e53e54a037436bbeed094f91b372e92f445e7efcc.exe

Resource

win10-20220414-en

tofsee xmrig evasion miner persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  d2a15317f29231934ec3f48e53e54a037436bbeed094f91b372e92f445e7efcc
- Size
  
  299KB
- MD5
  
  97b5cd3c1f12cffc1ce3c6212d6709f6
- SHA1
  
  d5b5910a7c0418983fe58b256f59c09b99b803a2
- SHA256
  
  d2a15317f29231934ec3f48e53e54a037436bbeed094f91b372e92f445e7efcc
- SHA512
  
  a20e7d90180bda7f6cc1eedfe5d5f21057effeab11a8d894a7ac34c3b572780a595a166dd5dee6816fbfb4910bbb95d1107262d352cda7174447fd3f36363f12
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy