Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0162043ff0...08.exe

windows7-x64

10

0162043ff0...08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0162043ff06fc0b7df59995580637c08

  • Size

    10.1MB

  • Sample

    231229-xw6a6sghdk

  • MD5

    0162043ff06fc0b7df59995580637c08

  • SHA1

    dbc586ca0e60b45b96824f4daa8d0ec4d3d41bdd

  • SHA256

    68144fe9a725e15493eb9156fc66f401701aff5daec246cb7489eca9993fa751

  • SHA512

    76bdd28851dd82ff301f77e98a1cd03cc6950dfdd04396293fb4d1181c74febdead5574b2a5d20148908a9a13850be83b279c1a5248be633bf30b62aa953c121

  • SSDEEP

    196608:YV8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY4:

Score
10/10
tofseeevasionpersistencetrojan

Malware Config

Extracted

Family

tofsee

C2

43.231.4.6

lazystax.ru

Targets

    • Target

      0162043ff06fc0b7df59995580637c08

    • Size

      10.1MB

    • MD5

      0162043ff06fc0b7df59995580637c08

    • SHA1

      dbc586ca0e60b45b96824f4daa8d0ec4d3d41bdd

    • SHA256

      68144fe9a725e15493eb9156fc66f401701aff5daec246cb7489eca9993fa751

    • SHA512

      76bdd28851dd82ff301f77e98a1cd03cc6950dfdd04396293fb4d1181c74febdead5574b2a5d20148908a9a13850be83b279c1a5248be633bf30b62aa953c121

    • SSDEEP

      196608:YV8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY4:

    Score
    10/10
    tofseeevasionpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Creates new service(s)

      persistence

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.