General

  • Target

    ac11fed62d81f2d45fecf3786b6a2e93e604e56c90dcfe3cad438bf9684e127e

  • Size

    231KB

  • Sample

    221225-2lywkacc38

  • MD5

    32e2938533598496e97070a73f42bb88

  • SHA1

    47c1592b43834ea631902e2d8050f28ac646619c

  • SHA256

    ac11fed62d81f2d45fecf3786b6a2e93e604e56c90dcfe3cad438bf9684e127e

  • SHA512

    668007ceaeab89ed06dad648e9aabaca9a3afe19db3d5559ec59a31acf6ff93b75d21c3a03f4f28ab0f1e9adb71096254f6433987c10f6be02c3be063f8cfc2a

  • SSDEEP

    3072:PPnX+LnXq5zvwby4A+hcj2qSpX9J4blS1g/tK8FPXLrcSb54VIcVTuh:eLXYkyRPj2qotMtK8FPDbIr

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Targets

    • Target

      ac11fed62d81f2d45fecf3786b6a2e93e604e56c90dcfe3cad438bf9684e127e

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Creates new service(s)

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks