General
-
Target
51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a
-
Size
106KB
-
Sample
221130-bptsxaef35
-
MD5
bd8004e3e8b3edef2b5c2de0c5bd0569
-
SHA1
566ea52fd6d80eb66d3d5e6b99f7d2712aa866fe
-
SHA256
ae19f6d32470c54630a3057707dbb726806f30c726da50468fbc73532803612e
-
SHA512
0aef251c9ec23b88bc3d611441868655276b6848b7507cec7e38f6140bf525d5e0bc03efe202ee3f600998b2be1f693961db820bd041bad144b5c19b3f4b078f
-
SSDEEP
3072:enlGrmbzKN8kStwrtNszGgWDwIj1v6YW9ojXetM4xB8HvDi:/mbzbtstNsagaEYWKjbdi
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a
-
Size
148KB
-
MD5
674f6f47bcd256ab551b0b41f1bcaab4
-
SHA1
b4e1d5b2b4c283265dc5a54ecc66d09289fe9f75
-
SHA256
51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a
-
SHA512
e9fa747bd48234c3075f56f55f7eb659af0c57cb4f60a0594d827d74a1362cae26e126d5e150c7d5c22561a91cd2c552a2731e1692dba17bd9896bc9f685f8d1
-
SSDEEP
1536:MooT+fuLjBDF9pSbFP8BnWkPk0Wn5/NV032+QbhY06R4u1uc7fpqoEW7LlaRsrGW:MooTyeE8AeWn5loJ0KF7fJPWuxl/D
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-