General

  • Target

    01712cc25c0c3cfcfab253e2cad522cd

  • Size

    12.8MB

  • Sample

    231225-dg33qaefbp

  • MD5

    01712cc25c0c3cfcfab253e2cad522cd

  • SHA1

    93696f36d9ce738af89157525cdf9aeaf4865281

  • SHA256

    7d18bef53b53754a23ae16ded0805921fd40ee40e507fc80460a92615fe4b04b

  • SHA512

    0ae8306a2a045300c2a0cf6eb1aa08fdc10ad7c155c6ccfa2deb1bad4330e383063bb16b5ff136466c440d0b33ee8da92a0c9c2159c38b6ef2173cf6571f0bae

  • SSDEEP

    98304:uKlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllB:

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
