Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b62bd16f3b2fb0e9d1549dd12114b99bdfd360a8a9719f9b801544113c69bb97
-
Size
120KB
-
Sample
221001-zmnqwagcdn
-
MD5
4dceae07630380b5ed1a94389e1fb9c0
-
SHA1
2d3bd982d62d7fc62b961f82625682231766856e
-
SHA256
b62bd16f3b2fb0e9d1549dd12114b99bdfd360a8a9719f9b801544113c69bb97
-
SHA512
4fb8b0a3cbeb394453c551e6daece1cf5c1685abf2d6b083d569c4096a3544c228df7bba7acfdec3aae9caa490f04dd78ca08a53cf6a6108f415a0d5a767e254
-
SSDEEP
1536:mZG0MaQ9u20DPpbuF30kpX9aIJeOX/hZZYF9WqoMurUE/ZZ1rSNJMiGXBe:Nr9u20Tpb+rpAyZZKF9WqJEz1+8dx
Malware Config
Extracted
tofsee
111.121.193.238
103.15.107.117
188.190.114.108
188.165.132.183
213.155.0.208
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
b62bd16f3b2fb0e9d1549dd12114b99bdfd360a8a9719f9b801544113c69bb97
-
Size
120KB
-
MD5
4dceae07630380b5ed1a94389e1fb9c0
-
SHA1
2d3bd982d62d7fc62b961f82625682231766856e
-
SHA256
b62bd16f3b2fb0e9d1549dd12114b99bdfd360a8a9719f9b801544113c69bb97
-
SHA512
4fb8b0a3cbeb394453c551e6daece1cf5c1685abf2d6b083d569c4096a3544c228df7bba7acfdec3aae9caa490f04dd78ca08a53cf6a6108f415a0d5a767e254
-
SSDEEP
1536:mZG0MaQ9u20DPpbuF30kpX9aIJeOX/hZZYF9WqoMurUE/ZZ1rSNJMiGXBe:Nr9u20Tpb+rpAyZZKF9WqJEz1+8dx
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-