Description
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
General
Target
Size
Sample
750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2
313KB
220620-mf2myaeef4
Score
10/10
MD5
SHA1
SHA256
SHA512
8c59fd44034638f1bb8faf8e176f9957
db22814dda7aa3052159970207ef04c81f489796
750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2
b02ade51044ab436ee21118bd4ab3029feaf22d0e8e44d96eb9462f0ea462634614c4d452c33f37ebbb6f92cee16e45cdcb526ccae561064391b3b6df508a4b9
Malware Config
Extracted
| Family | tofsee |
| C2 |
svartalfheim.top jotunheim.name |
Targets
Target
MD5
Filesize
750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2
8c59fd44034638f1bb8faf8e176f9957
313KB
Score
10/10
SHA1
SHA256
SHA512
db22814dda7aa3052159970207ef04c81f489796
750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2
b02ade51044ab436ee21118bd4ab3029feaf22d0e8e44d96eb9462f0ea462634614c4d452c33f37ebbb6f92cee16e45cdcb526ccae561064391b3b6df508a4b9
Tags
Signatures
-
Tofsee
-
Windows security bypass
Tags
TTPs
-
xmrig
Description
XMRig is a high performance, open source, cross platform CPU/GPU miner.
Tags
-
XMRig Miner Payload
Tags
-
Creates new service(s)
Tags
TTPs
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
Sets service image path in registry
Tags
TTPs
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10