General
-
Target
e6894ac64117268d9f2b1e4ab6e24826a91cdbfbf052075cefb342cffef92314
-
Size
196KB
-
Sample
220924-3th1radgcq
-
MD5
40a52fcc516e86ac6c01895d22310200
-
SHA1
584bb6a661bab56e24d3004611495f9616e5e613
-
SHA256
e6894ac64117268d9f2b1e4ab6e24826a91cdbfbf052075cefb342cffef92314
-
SHA512
6df7a6b483b2a5d191a665760e684598b97b181491fc85f215259eb27617c53e3345bf9c4b87943a160d515c78e8474b24ef9f08a6fb7fc244783158c44d0d60
-
SSDEEP
3072:/RVXcxLzu9C/KN54m2jBq74tREkVdcLIfnBLywl3W/PkkXx:kxLSC/id74hVdJV
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
e6894ac64117268d9f2b1e4ab6e24826a91cdbfbf052075cefb342cffef92314
-
Size
196KB
-
MD5
40a52fcc516e86ac6c01895d22310200
-
SHA1
584bb6a661bab56e24d3004611495f9616e5e613
-
SHA256
e6894ac64117268d9f2b1e4ab6e24826a91cdbfbf052075cefb342cffef92314
-
SHA512
6df7a6b483b2a5d191a665760e684598b97b181491fc85f215259eb27617c53e3345bf9c4b87943a160d515c78e8474b24ef9f08a6fb7fc244783158c44d0d60
-
SSDEEP
3072:/RVXcxLzu9C/KN54m2jBq74tREkVdcLIfnBLywl3W/PkkXx:kxLSC/id74hVdJV
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-