General

  • Target

    310d54057b0e553d230284fdcdd1ead1

  • Size

    335KB

  • Sample

    231225-v3nzcsecbn

  • MD5

    310d54057b0e553d230284fdcdd1ead1

  • SHA1

    9dab1c464e3d8e4551070e854509d4b4aae903ac

  • SHA256

    f303448daa6e0457f26ae9a14cb80bf592b31550a1cb8fdc284c6bbe87494f42

  • SHA512

    53c1380cd2d322a66551205246bbf9ed0803e70c5e880c4a11c1c1b33db533ce8137ee9805987a6c2979a5ab21207680e8cda05195cfadece8861d1b785a05cb

  • SSDEEP

    3072:FkAgDr/XSqon0LUwWQ2UHxqms7/7btm52yls2LC5J8ZWwoQSwgeb7hiOiPg0tGis:FkhDr/+0LUdbKhsMs268UoSwrb7SpG

Malware Config

Extracted

Family

tofsee

C2

defeatwax.ru

refabyd.info

Targets

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
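As an added example (not part of the tria.ge report and not tria.ge's own code), the following Python turns the behaviour tags above and the two C2 domains from the extracted config into hunting rules over Sysmon-style events: a service ImagePath written to a location outside the system directories, a netsh firewall change, a DNS query for a Tofsee C2 domain, and a `del` command whose target is the parent process's own executable. The event records, the service name `examplesvc` and the file paths are constructed for illustration; the rules are heuristics, and the allowed image-path locations would be tuned per environment.

```python
"""Hunting rules derived from the behaviour tags of this Tofsee report.
Added example, not tria.ge code. All events below are constructed."""
import re

# C2 domains from the extracted config in this report
TOFSEE_C2 = {"defeatwax.ru", "refabyd.info"}

# "Sets service image path in registry": Sysmon 13 value write to <service>\ImagePath
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\([^\\]+)\\ImagePath$", re.I)
# Image paths under the system directories are treated as expected (tune per site)
SYSTEM_DIRS = re.compile(
    r'^"?(?:[a-z]:\\windows|%systemroot%)\\(?:system32|syswow64)\\', re.I)
# "Modifies Windows Firewall": netsh firewall / advfirewall invocations
FIREWALL_CMD = re.compile(r"\bnetsh(?:\.exe)?\s+(?:adv)?firewall\b", re.I)
# "Deletes itself": a del command naming an .exe; evaluate() checks it is the parent image
DEL_EXE = re.compile(r'\bdel\b[^"]*"?(?P<path>[a-z]:\\[^"&]+\.exe)"?', re.I)


def c2_match(name: str) -> bool:
    """True if the queried name is a Tofsee C2 domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in TOFSEE_C2)


def evaluate(events):
    """Return a list of (rule, subject, evidence) tuples, one per rule hit."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13:  # Sysmon RegistryEvent (value set)
            m = SERVICE_IMAGEPATH.match(ev.get("TargetObject", ""))
            if m and not SYSTEM_DIRS.match(ev.get("Details", "")):
                findings.append(("service_image_path", m.group(1), ev["Details"]))
        elif eid == 1:  # Sysmon ProcessCreate
            cmd = ev.get("CommandLine", "")
            if FIREWALL_CMD.search(cmd):
                findings.append(("firewall_modified", ev.get("Image"), cmd))
            m = DEL_EXE.search(cmd)
            if m and m.group("path").lower() == ev.get("ParentImage", "").lower():
                findings.append(("self_delete", ev.get("ParentImage"), cmd))
        elif eid == 22:  # Sysmon DNSEvent
            if c2_match(ev.get("QueryName", "")):
                findings.append(("tofsee_c2_dns", ev.get("Image"), ev["QueryName"]))
    return findings


# Constructed sample telemetry (hypothetical paths and service name)
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\examplesvc\ImagePath",
     "Details": r"C:\Windows\Temp\examplesvc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",   # benign
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\wuauserv\ImagePath",
     "Details": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe", "ParentImage": SAMPLE,
     "CommandLine": 'netsh advfirewall firewall add rule name="Host Process" '
                    'dir=in action=allow program="C:\\Windows\\Temp\\examplesvc.exe"'},
    {"EventID": 22, "Image": r"C:\Windows\Temp\examplesvc.exe", "QueryName": "defeatwax.ru"},
    {"EventID": 22, "Image": r"C:\Windows\Temp\examplesvc.exe",   # benign
     "QueryName": "www.example.com"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": f'cmd.exe /C del "{SAMPLE}"'},
]

if __name__ == "__main__":
    for rule, subject, evidence in evaluate(SAMPLE_EVENTS):
        print(f"{rule:20} {subject} :: {evidence}")
```

Run against the constructed events the four malicious records are flagged and the two benign ones (a system service ImagePath and an unrelated DNS query) are not; the same `evaluate()` can be fed events exported from a Sysmon or EDR pipeline once mapped to the field names used here.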

MITRE ATT&CK Enterprise v15

Tasks