General

  • Target

    9ca53afc226509ab5c17f883b2ec241126fc95b131910c4202a2c5b084336fa7_JC.exe

  • Size

    197KB

  • Sample

    231013-1ewl7add38

  • MD5

    3a2a650e38e091c0f21e8fb091e60451

  • SHA1

    284cf3e757a82b0feb43ad691a1efbfde7171193

  • SHA256

    9ca53afc226509ab5c17f883b2ec241126fc95b131910c4202a2c5b084336fa7

  • SHA512

    4d8fb291c9518f67dad7582898d55830933e04204fc622a9df326af572eb58fdefdb8bf42906d95f8173fd47af4f6eb35e2866555db9a320ee9b86365aba324a

  • SSDEEP

    3072:bvDSLXr5TXHwa5yak5qVmnBczE2QwWgxp9f45K6cLTfN49Q:XSL7Nga5yXdBSEbpgxzHHLTV4i

Malware Config

Extracted

Family

tofsee

C2

vanaheim.cn

jotunheim.name

Targets

    • Target

      9ca53afc226509ab5c17f883b2ec241126fc95b131910c4202a2c5b084336fa7_JC.exe

    • Size

      197KB

    • MD5

      3a2a650e38e091c0f21e8fb091e60451

    • SHA1

      284cf3e757a82b0feb43ad691a1efbfde7171193

    • SHA256

      9ca53afc226509ab5c17f883b2ec241126fc95b131910c4202a2c5b084336fa7

    • SHA512

      4d8fb291c9518f67dad7582898d55830933e04204fc622a9df326af572eb58fdefdb8bf42906d95f8173fd47af4f6eb35e2866555db9a320ee9b86365aba324a

    • SSDEEP

      3072:bvDSLXr5TXHwa5yak5qVmnBczE2QwWgxp9f45K6cLTfN49Q:XSL7Nga5yXdBSEbpgxzHHLTV4i

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks