Extracted

• • Target

    3c2b6d59b3c9a3168f5b0ebab694f8ba4353f068c550717d32c80b2086ba67b2

  • Size

    223KB

  • MD5

    ac263c06e966b53c2cfa5c361af9acbe

  • SHA1

    a4e04f27ceccd14a64c525fbba8566755d44bd93

  • SHA256

    3c2b6d59b3c9a3168f5b0ebab694f8ba4353f068c550717d32c80b2086ba67b2

  • SHA512

    1ea08cb9c2a021fd7d1c2569f6e1f4d5abbe23fc6e461d47154400e989c07515f1c1884a810db11aae1fe471e9611e4535dee5a850ac86d6babd12d948ec7085

  • SSDEEP

    3072:FvqW06LNAyAw7WlTLzGr6j5cBZgmd6SY59lFtaZ7glGHVpFdMPkSTp:FvqbMAE7WVLyrkZx8pFd81

  Score

  10^/10

  tofseexmrigevasionminerpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Creates new service(s)

    persistence

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1