Analysis
-
max time kernel
295s -
max time network
367s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
30-11-2022 01:19
General
-
Target
51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a.exe
-
Size
148KB
-
MD5
674f6f47bcd256ab551b0b41f1bcaab4
-
SHA1
b4e1d5b2b4c283265dc5a54ecc66d09289fe9f75
-
SHA256
51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a
-
SHA512
e9fa747bd48234c3075f56f55f7eb659af0c57cb4f60a0594d827d74a1362cae26e126d5e150c7d5c22561a91cd2c552a2731e1692dba17bd9896bc9f685f8d1
-
SSDEEP
1536:MooT+fuLjBDF9pSbFP8BnWkPk0Wn5/NV032+QbhY06R4u1uc7fpqoEW7LlaRsrGW:MooTyeE8AeWn5loJ0KF7fJPWuxl/D
Score
10/10
Malware Config
Extracted
Family
tofsee
C2
svartalfheim.top
jotunheim.name
Signatures
-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
-
C:\Users\Admin\AppData\Local\Temp\51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a.exe"C:\Users\Admin\AppData\Local\Temp\51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/896-132-0x0000000000DFE000-0x0000000000E0E000-memory.dmpFilesize
64KB
-
memory/896-133-0x0000000000C60000-0x0000000000C73000-memory.dmpFilesize
76KB
-
memory/896-134-0x0000000000DFE000-0x0000000000E0E000-memory.dmpFilesize
64KB
-
memory/896-135-0x0000000000400000-0x0000000000AD7000-memory.dmpFilesize
6.8MB
-
memory/896-136-0x0000000000C60000-0x0000000000C73000-memory.dmpFilesize
76KB
-
memory/896-137-0x0000000000400000-0x0000000000AD7000-memory.dmpFilesize
6.8MB