General
Target

2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5

Size

313KB

Sample

220620-nlynxafac8

Score
10/10
MD5

2ef63c72b793d5a7646e9ccf528f502c

SHA1

571541e8e638f4d464c38c0410b3e29e8710e992

SHA256

2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5

SHA512

de0e7bb0a7580edab9327b9cd9cd85b85d5261a5a9d0d4678159bb44ac13774c7332de0fa4a2db16285a90362c9bd5ef18ac384857d541c1c3eb8dee646ce903

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets
Target

2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5

MD5

2ef63c72b793d5a7646e9ccf528f502c

Filesize

313KB

Score
10/10
SHA1

571541e8e638f4d464c38c0410b3e29e8710e992

SHA256

2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5

SHA512

de0e7bb0a7580edab9327b9cd9cd85b85d5261a5a9d0d4678159bb44ac13774c7332de0fa4a2db16285a90362c9bd5ef18ac384857d541c1c3eb8dee646ce903

Tags

Signatures

  • Tofsee

    Description

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    Tags

  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • xmrig

    Description

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    Tags

  • XMRig Miner Payload

    Tags

  • Creates new service(s)

    Tags

    TTPs

    New Service
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Sets service image path in registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Deletes itself

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A