General

  • Target: 69ea6c1bae15f0e9a51c6d7645b92119

  • Size: 13.0MB

  • Sample: 231226-na5yvacch2

  • MD5: 69ea6c1bae15f0e9a51c6d7645b92119

  • SHA1: 889d92a7c1728764aaa5d54cc134a113647f16b4

  • SHA256: 072ff816b2373bd6ab07298e3653d98c84b6a897ef17fc8002873edd9dff7e2e

  • SHA512: 51688cea0e7b75febda3617850401ae1813603fc543d96c67adb7ea08c5f470192dd25086ab8a30087dc32356171b6c8e5d48c3aaaefc80402826e33a376505c

  • SSDEEP: 24576:bgdy5yNM4444444444444444444444444444444444444444444444444444444g:

Malware Config

Extracted

  • Family: tofsee

  • C2: defeatwax.ru, refabyd.info

Targets

    • Target: 69ea6c1bae15f0e9a51c6d7645b92119

    • Size: 13.0MB

    • MD5: 69ea6c1bae15f0e9a51c6d7645b92119

    • SHA1: 889d92a7c1728764aaa5d54cc134a113647f16b4

    • SHA256: 072ff816b2373bd6ab07298e3653d98c84b6a897ef17fc8002873edd9dff7e2e

    • SHA512: 51688cea0e7b75febda3617850401ae1813603fc543d96c67adb7ea08c5f470192dd25086ab8a30087dc32356171b6c8e5d48c3aaaefc80402826e33a376505c

    • SSDEEP: 24576:bgdy5yNM4444444444444444444444444444444444444444444444444444444g:

    • Tofsee: backdoor/botnet that carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks