General

  • Target

    3b68da54fb8d64c5af84fceba0260579

  • Size

    10.3MB

  • Sample

    231225-zaw7gsbcc9

  • MD5

    3b68da54fb8d64c5af84fceba0260579

  • SHA1

    accad1d4fc3dc24f172ae9530acfaaf537d7491e

  • SHA256

    583bcd9cc37ac2f4d3f3c1c8133b3b843e851e7fba456bd189eef7090ba549f0

  • SHA512

    b98d7ec7c19c67ddd11eda0c2b1fd903008b7535a23bc86129797a0a7bea1f0cb747cfa2e8b87c5386bbb0f50ecb93bcbddc717d875896c12bf7bbece07540ff

  • SSDEEP

    49152:4RBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBf:

Malware Config

Extracted

  • Family

    tofsee

  • C2

    43.231.4.6

    lazystax.ru

Targets

    • Target

      3b68da54fb8d64c5af84fceba0260579

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
