General

  • Target: 93cb2741e6805e68eb87266ec29e21f7138e609d4940edb1bdbafa47426ea0f5
  • Size: 312KB
  • Sample: 230106-narffsbe4v
  • MD5: ef8b14df3ec4cfe498948989a77910ad
  • SHA1: 48cd7aa491bf373f6e959178ef5fd8d9ba688c82
  • SHA256: 93cb2741e6805e68eb87266ec29e21f7138e609d4940edb1bdbafa47426ea0f5
  • SHA512: bc00dc1ad7825bab55349e47aaff03102545374f82e777f6e96b7e16f88236d9fca3766c07bc9e9470d2e32b38386e6eb57c62750b137a85f1cd4beaee9cc90e
  • SSDEEP: 6144:2S7LKg5EpQN8fYMQTEFEIg8XfVMqdWKQphEUor:2S7eg5fPMh9XdMkb/Uo

Malware Config

Extracted

  • Family: tofsee
  • C2: svartalfheim.top, jotunheim.name

Targets

    • Tofsee: Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
    • Windows security bypass
    • xmrig: XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.
    • XMRig Miner payload
    • Creates new service(s)
    • Executes dropped EXE
    • Modifies Windows Firewall
    • Sets service image path in registry
    • Deletes itself
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks