General
Target

4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a

Size

313KB

Sample

220620-smx6zsgdd3

Score
10/10
MD5

ae9348857fab75e8711f0854ac29676f

SHA1

2365f11df7aec453252e7d4fa405b2d5472cc2a2

SHA256

4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a

SHA512

fdd493704147a286c21ee3f542f8c3fbb890211f73a1bd71d99d899a78557f70fb60bb5bb6e483b931de17a8b23978fa4b5909a1e62687be6993d411fe68c155

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets
Target

4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a

MD5

ae9348857fab75e8711f0854ac29676f

Filesize

313KB

Score
10/10
SHA1

2365f11df7aec453252e7d4fa405b2d5472cc2a2

SHA256

4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a

SHA512

fdd493704147a286c21ee3f542f8c3fbb890211f73a1bd71d99d899a78557f70fb60bb5bb6e483b931de17a8b23978fa4b5909a1e62687be6993d411fe68c155

Tags

Signatures

  • Tofsee

    Description

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    Tags

  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • xmrig

    Description

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    Tags

  • XMRig Miner Payload

    Tags

  • Creates new service(s)

    Tags

    TTPs

    New Service
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Sets service image path in registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Deletes itself

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A