Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0c7824fd2d...c4.exe

windows7-x64

10

0c7824fd2d...c4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0c7824fd2d1717ce83f2c7a6522047c4

  • Size

    12.7MB

  • Sample

    231230-dlntlahbak

  • MD5

    0c7824fd2d1717ce83f2c7a6522047c4

  • SHA1

    4849c18f94170bd876a2b0653763c04ebe61cfc4

  • SHA256

    59b5b9da2fdcee0b843246228a6eace2de8e5f20a82e2ed7df64e78f657f8772

  • SHA512

    eae3dd61afae33e900953fb0bf4f1e994c4df8bf2c3d7ed3581a8e06801857373bc2cad25a518825c62b829eb61cc286169bf3cefc43f9b818ab937b24e7cf94

  • SSDEEP

    24576:FjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB5:Fnh

Score
10/10
tofseeevasionpersistencetrojan

Malware Config

Extracted

Family

tofsee

C2

defeatwax.ru

refabyd.info

Targets

    • Target

      0c7824fd2d1717ce83f2c7a6522047c4

    • Size

      12.7MB

    • MD5

      0c7824fd2d1717ce83f2c7a6522047c4

    • SHA1

      4849c18f94170bd876a2b0653763c04ebe61cfc4

    • SHA256

      59b5b9da2fdcee0b843246228a6eace2de8e5f20a82e2ed7df64e78f657f8772

    • SHA512

      eae3dd61afae33e900953fb0bf4f1e994c4df8bf2c3d7ed3581a8e06801857373bc2cad25a518825c62b829eb61cc286169bf3cefc43f9b818ab937b24e7cf94

    • SSDEEP

      24576:FjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB5:Fnh

    Score
    10/10
    tofseeevasionpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Windows security bypass

      evasiontrojan

    • Creates new service(s)

      persistence

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks