General

  • Target

    206ca3f88f29ee80ca16649e17efcce1ee750c45ce1a6762f96f6d6d049993e5.zip

  • Size

    128KB

  • Sample

    231022-vlj9vadc43

  • MD5

    6b3f851c87039eccc95e75c168e3f943

  • SHA1

    d8bd8857ba75e9c54a6f30adf6e3ed1fe1e66922

  • SHA256

    929316dc45a47682a15734ebd6528226795ab97eaf17b170ff26addefe9698cf

  • SHA512

    b9607f0f3b56221d9bf5ca9de0ca0acf358d525fe2d8af3b0264aad9abd46c234b96cf5bd734fe668df475a8efb18930da18578bc36bd734dbbdb0e8c1814d3b

  • SSDEEP

    3072:7WUTm1eUMZfJ9PmCoKF4BMPcUce1Kisv4tIa98JwdUJ8:l5f+KkUPKixSIZda8

Malware Config

Extracted

Family

tofsee

C2

vanaheim.cn

jotunheim.name

Targets

    • Target

      206ca3f88f29ee80ca16649e17efcce1ee750c45ce1a6762f96f6d6d049993e5.exe

    • Size

      254KB

    • MD5

      400d83c136d4003e1137471d3900f267

    • SHA1

      c26b5043bea1c3176d9d605b782010542ef7d26e

    • SHA256

      206ca3f88f29ee80ca16649e17efcce1ee750c45ce1a6762f96f6d6d049993e5

    • SHA512

      907cfcaa1b90d79261cbd84d3876a79d34de120ab4d6b34afef20aeef916efa1ce098967e9a568e57c476ab3f8af9ed19aa4541f91741299288cfbc881cccdd3

    • SSDEEP

      3072:WyBNUf2KxA+GRKv3XgAYUzBefFzGdrgRiyVHhoLA48vQX:9FMA+KKvHgn4tIiyVHqL

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
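
The extracted C2 domains and the behavioural signatures above are what an analyst would turn into a host-telemetry hunt. The following is an added example, not Triage's own code or anything taken from the sample: it classifies Sysmon-style event records (process create, file create, registry value set, DNS query) against the signatures listed in this report and flags a process that matches several of them at once. The event dicts are constructed for the illustration, the service name and file paths in them are made up, and the match patterns (netsh for the firewall change, sc create for the service, a short list of IP lookup hosts) are assumptions about how such behaviour typically surfaces in telemetry; the report itself does not say which mechanism the sample used.

```python
"""Behaviour-cluster hunt for the Tofsee / XMRig signatures in this report.

Added example, not Triage's code. Events are constructed Sysmon-style dicts;
field names follow Sysmon (EventID, CommandLine, TargetObject, TargetFilename,
QueryName, ProcessGuid), values are made up for the illustration.
"""
import re

# C2 domains from the report's extracted Tofsee config.
C2_DOMAINS = {"vanaheim.cn", "jotunheim.name"}

# Assumption: an illustrative set of external IP lookup services, not the
# list the sandbox signature uses.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "checkip.dyndns.org"}

# Sysmon writes registry paths as HKLM\System\CurrentControlSet\...
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
SYSTEM32_DROP = re.compile(r"^C:\\Windows\\System32\\[^\\]+\.(exe|dll)$", re.I)
# Assumptions: firewall change via netsh, service creation via sc.exe.
FIREWALL_CMD = re.compile(r"\bnetsh\s+(advfirewall|firewall)\b", re.I)
SC_CREATE = re.compile(r"\bsc(\.exe)?\s+create\b", re.I)


def classify(ev):
    """Return the report signature one event matches, or None."""
    eid = ev.get("EventID")
    if eid == 1:  # process create
        cmd = ev.get("CommandLine", "")
        if FIREWALL_CMD.search(cmd):
            return "Modifies Windows Firewall"
        if SC_CREATE.search(cmd):
            return "Creates new service(s)"
    elif eid == 13:  # registry value set
        if SERVICE_IMAGEPATH.match(ev.get("TargetObject", "")):
            return "Sets service image path in registry"
    elif eid == 11:  # file create
        if SYSTEM32_DROP.match(ev.get("TargetFilename", "")):
            return "Drops file in System32 directory"
    elif eid == 22:  # DNS query
        q = ev.get("QueryName", "").lower()
        if q in C2_DOMAINS:
            return "Tofsee C2 domain"
        if q in IP_LOOKUP_HOSTS:
            return "Looks up external IP address via web service"
    return None


def hunt(events, min_hits=3):
    """Group matches by ProcessGuid and keep processes that hit at least
    min_hits distinct signatures; a single match is usually benign noise."""
    hits = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            hits.setdefault(ev.get("ProcessGuid", "?"), set()).add(sig)
    return {guid: sorted(s) for guid, s in hits.items() if len(s) >= min_hits}


# Constructed events: process A shows the report's behaviour cluster,
# B only does an IP lookup, C is unrelated activity.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "A",
     "CommandLine": r'netsh advfirewall firewall add rule name="svc" dir=in '
                    r'action=allow program="C:\Windows\System32\svc.exe"'},
    {"EventID": 11, "ProcessGuid": "A",
     "TargetFilename": r"C:\Windows\System32\svc.exe"},
    {"EventID": 13, "ProcessGuid": "A",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\svc\ImagePath",
     "Details": r"C:\Windows\System32\svc.exe"},
    {"EventID": 22, "ProcessGuid": "A", "QueryName": "vanaheim.cn"},
    {"EventID": 22, "ProcessGuid": "B", "QueryName": "api.ipify.org"},
    {"EventID": 1, "ProcessGuid": "C", "CommandLine": "notepad.exe readme.txt"},
]

if __name__ == "__main__":
    for guid, sigs in hunt(SAMPLE_EVENTS).items():
        print(guid, "->", ", ".join(sigs))
```

The geofence check (reading a country code from the registry) is deliberately absent: Sysmon logs registry writes, not reads, so that signature needs a sandbox or API-hooking source rather than this kind of telemetry. Lower `min_hits` when the C2 domains alone are enough to justify a hit.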

MITRE ATT&CK Enterprise v15

Tasks