
General

  • Target: a24ac3a139c0635c9731a068cdd537985a690923e5626229cd47fbc675b904f1
  • Size: 260KB
  • Sample: 230109-bbyvpsfb99
  • MD5: 2073dae8b615ea1f457856ac118ae6d6
  • SHA1: 412181334c6bd79483ad5acbbdd93665fe4f022b
  • SHA256: a24ac3a139c0635c9731a068cdd537985a690923e5626229cd47fbc675b904f1
  • SHA512: f470dafd92ab05d2cf40628eb14183581a455089c46a34b84495e373cdc4bacba892bf2deef1ea818266243397fc4c227c400321f1d9928f03e52e4568f84341
  • SSDEEP: 3072:t1XE7JCdjzLS7m7diBLe153EbzZ3n2vO2oIqAtpfag9hZCRRzMuWZgd3n:7nBL97diBLFRXgLocpiAcqgd3

Malware Config

Extracted

  • Family: tofsee
  • C2: svartalfheim.top, jotunheim.name

Targets

    • Target: a24ac3a139c0635c9731a068cdd537985a690923e5626229cd47fbc675b904f1 (260KB; hashes as listed under General)


    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Creates new service(s)

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks