Description
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
General
Target
Size
Sample
4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a
313KB
220620-smx6zsgdd3
Score
10/10
MD5
SHA1
SHA256
SHA512
ae9348857fab75e8711f0854ac29676f
2365f11df7aec453252e7d4fa405b2d5472cc2a2
4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a
fdd493704147a286c21ee3f542f8c3fbb890211f73a1bd71d99d899a78557f70fb60bb5bb6e483b931de17a8b23978fa4b5909a1e62687be6993d411fe68c155
Malware Config
Extracted
| Family | tofsee |
| C2 |
svartalfheim.top jotunheim.name |
Targets
Target
MD5
Filesize
4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a
ae9348857fab75e8711f0854ac29676f
313KB
Score
10/10
SHA1
SHA256
SHA512
2365f11df7aec453252e7d4fa405b2d5472cc2a2
4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a
fdd493704147a286c21ee3f542f8c3fbb890211f73a1bd71d99d899a78557f70fb60bb5bb6e483b931de17a8b23978fa4b5909a1e62687be6993d411fe68c155
Tags
Signatures
-
Tofsee
-
Windows security bypass
Tags
TTPs
-
xmrig
Description
XMRig is a high performance, open source, cross platform CPU/GPU miner.
Tags
-
XMRig Miner Payload
Tags
-
Creates new service(s)
Tags
TTPs
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
Sets service image path in registry
Tags
TTPs
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10