General
-
Target
44c063a5dd16b68fd21655158ce4f65b.exe
-
Size
279KB
-
Sample
220923-gx7bvsdcg5
-
MD5
44c063a5dd16b68fd21655158ce4f65b
-
SHA1
e68ecc0d23aad421e7ef4c956a5c9a6dbab2e711
-
SHA256
bfb8326e9ff8342de2f793e97ef3c5a0be6a7cce114ef63c1ad22263a39238df
-
SHA512
4a01fb57d1ea04bd12b484b8d6c31910accf829ce5dc0cb4f73e6906ad557751ee9b81c714b8f2bada1f91772c75cbf5284947bde237dee2a3c008fb7491c802
-
SSDEEP
6144:21L7VFe8HLHAlCXGMOQsn3IkeMyA0qb408INVigavwVfNzC:21LbZslCXGMHsWMYA4NA+
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
44c063a5dd16b68fd21655158ce4f65b.exe
-
Size
279KB
-
MD5
44c063a5dd16b68fd21655158ce4f65b
-
SHA1
e68ecc0d23aad421e7ef4c956a5c9a6dbab2e711
-
SHA256
bfb8326e9ff8342de2f793e97ef3c5a0be6a7cce114ef63c1ad22263a39238df
-
SHA512
4a01fb57d1ea04bd12b484b8d6c31910accf829ce5dc0cb4f73e6906ad557751ee9b81c714b8f2bada1f91772c75cbf5284947bde237dee2a3c008fb7491c802
-
SSDEEP
6144:21L7VFe8HLHAlCXGMOQsn3IkeMyA0qb408INVigavwVfNzC:21LbZslCXGMHsWMYA4NA+
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-