Description
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
General
Target
Size
Sample
2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5
313KB
220620-nlynxafac8
Score
10/10
MD5
SHA1
SHA256
SHA512
2ef63c72b793d5a7646e9ccf528f502c
571541e8e638f4d464c38c0410b3e29e8710e992
2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5
de0e7bb0a7580edab9327b9cd9cd85b85d5261a5a9d0d4678159bb44ac13774c7332de0fa4a2db16285a90362c9bd5ef18ac384857d541c1c3eb8dee646ce903
Malware Config
Extracted
| Family | tofsee |
| C2 |
svartalfheim.top jotunheim.name |
Targets
Target
MD5
Filesize
2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5
2ef63c72b793d5a7646e9ccf528f502c
313KB
Score
10/10
SHA1
SHA256
SHA512
571541e8e638f4d464c38c0410b3e29e8710e992
2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5
de0e7bb0a7580edab9327b9cd9cd85b85d5261a5a9d0d4678159bb44ac13774c7332de0fa4a2db16285a90362c9bd5ef18ac384857d541c1c3eb8dee646ce903
Tags
Signatures
-
Tofsee
-
Windows security bypass
Tags
TTPs
-
xmrig
Description
XMRig is a high performance, open source, cross platform CPU/GPU miner.
Tags
-
XMRig Miner Payload
Tags
-
Creates new service(s)
Tags
TTPs
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
Sets service image path in registry
Tags
TTPs
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10