tofsee | 6b439f0e69f6d25fc409ad0a5af97a52028b2ec3ae890694b8862ad56e25cfe5 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

6b439f0e69f6d25fc409ad0a5af97a52028b2ec3ae890694b8862ad56e25cfe5
Size

197KB
Sample

220924-tqs7wachfr
MD5

8b18eb0a88d43a1e8cfdbd6dbcc501ca
SHA1

5ccbea3b2e766f3eddb1f8c71c0d38d4fff8c077
SHA256

6b439f0e69f6d25fc409ad0a5af97a52028b2ec3ae890694b8862ad56e25cfe5
SHA512

5a54450e896fc8d7a08b68bee8110cc3312bf59a83a122a4f02e295309de9f94afa2d83bfa318c34c02165e204aadb9be8fbe48a1cd30449de04fb2fa3e13507
SSDEEP

3072:T6sF6LCp8psrA5wWcLJ40nhd2zOSh19xeB3W8R0nRAZR/Pkk4x:GLdpzcHnRSf8WlnRc

Score

10^/10

tofsee xmrig evasion miner persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

6b439f0e69f6d25fc409ad0a5af97a52028b2ec3ae890694b8862ad56e25cfe5.exe

Resource

win10-20220812-en

tofsee xmrig evasion miner persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

- Target
  
  6b439f0e69f6d25fc409ad0a5af97a52028b2ec3ae890694b8862ad56e25cfe5
- Size
  
  197KB
- MD5
  
  8b18eb0a88d43a1e8cfdbd6dbcc501ca
- SHA1
  
  5ccbea3b2e766f3eddb1f8c71c0d38d4fff8c077
- SHA256
  
  6b439f0e69f6d25fc409ad0a5af97a52028b2ec3ae890694b8862ad56e25cfe5
- SHA512
  
  5a54450e896fc8d7a08b68bee8110cc3312bf59a83a122a4f02e295309de9f94afa2d83bfa318c34c02165e204aadb9be8fbe48a1cd30449de04fb2fa3e13507
- SSDEEP
  
  3072:T6sF6LCp8psrA5wWcLJ40nhd2zOSh19xeB3W8R0nRAZR/Pkk4x:GLdpzcHnRSf8WlnRc
Score

10^/10

tofsee xmrig evasion miner persistence trojan
- Tofsee
  Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
  trojan tofsee
- Windows security bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tofseexmrigevasionminerpersistencetrojan

© 2018-2024

Terms | Privacy