General

  • Target

    0162043ff06fc0b7df59995580637c08

  • Size

    10.1MB

  • Sample

    231229-xw6a6sghdk

  • MD5

    0162043ff06fc0b7df59995580637c08

  • SHA1

    dbc586ca0e60b45b96824f4daa8d0ec4d3d41bdd

  • SHA256

    68144fe9a725e15493eb9156fc66f401701aff5daec246cb7489eca9993fa751

  • SHA512

    76bdd28851dd82ff301f77e98a1cd03cc6950dfdd04396293fb4d1181c74febdead5574b2a5d20148908a9a13850be83b279c1a5248be633bf30b62aa953c121

  • SSDEEP

    196608:YV8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY4:

Malware Config

Extracted

Family

tofsee

C2

43.231.4.6

lazystax.ru

Targets

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
