tofsee | f0448057429e7ebf81a339b6f9794ebb6eaeaa94887f393aeaedb28d0f9123f7 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

f0448057429e7ebf81a339b6f9794ebb6eaeaa94887f393aeaedb28d0f9123f7
Size

242KB
Sample

220809-kk4xraffbl
MD5

28ed896d0a53dd6270680aa99b05cbaf
SHA1

1520bae540d09edeadb5c0cca95be7b9da45bc07
SHA256

f0448057429e7ebf81a339b6f9794ebb6eaeaa94887f393aeaedb28d0f9123f7
SHA512

bdf808f222121fb3cb1796604e40cc88281f57f4b7c3d5dcedd2221ded2d93b80e14d76eadc260bb9d83ec4935561b0c6d4e70a0a061fa83b37621ee3cb31e4e

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

f0448057429e7ebf81a339b6f9794ebb6eaeaa94887f393aeaedb28d0f9123f7.exe

Resource

win10-20220718-en

tofsee xmrig evasion miner persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  f0448057429e7ebf81a339b6f9794ebb6eaeaa94887f393aeaedb28d0f9123f7
- Size
  
  242KB
- MD5
  
  28ed896d0a53dd6270680aa99b05cbaf
- SHA1
  
  1520bae540d09edeadb5c0cca95be7b9da45bc07
- SHA256
  
  f0448057429e7ebf81a339b6f9794ebb6eaeaa94887f393aeaedb28d0f9123f7
- SHA512
  
  bdf808f222121fb3cb1796604e40cc88281f57f4b7c3d5dcedd2221ded2d93b80e14d76eadc260bb9d83ec4935561b0c6d4e70a0a061fa83b37621ee3cb31e4e
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy