General
Target

750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2

Size

313KB

Sample

220620-mf2myaeef4

Score
10/10
MD5

8c59fd44034638f1bb8faf8e176f9957

SHA1

db22814dda7aa3052159970207ef04c81f489796

SHA256

750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2

SHA512

b02ade51044ab436ee21118bd4ab3029feaf22d0e8e44d96eb9462f0ea462634614c4d452c33f37ebbb6f92cee16e45cdcb526ccae561064391b3b6df508a4b9

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets
Target

750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2

MD5

8c59fd44034638f1bb8faf8e176f9957

Filesize

313KB

Score
10/10
SHA1

db22814dda7aa3052159970207ef04c81f489796

SHA256

750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2

SHA512

b02ade51044ab436ee21118bd4ab3029feaf22d0e8e44d96eb9462f0ea462634614c4d452c33f37ebbb6f92cee16e45cdcb526ccae561064391b3b6df508a4b9

Tags

Signatures

  • Tofsee

    Description

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    Tags

  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • xmrig

    Description

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    Tags

  • XMRig Miner Payload

    Tags

  • Creates new service(s)

    Tags

    TTPs

    New Service
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Sets service image path in registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Deletes itself

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A