Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    0f17b0d4320240b6109bc8a25f505e09

  • Size

    13.0MB

  • Sample

    231230-fgyjcagehr

  • MD5

    0f17b0d4320240b6109bc8a25f505e09

  • SHA1

    995e221404656216ce3ff4cd17f82b4b5bdd8c2c

  • SHA256

    d0eff54fcc3e55633eaf0b74e3e757cd17ac81abe8015cca3496b3f10f9a45d5

  • SHA512

    eeca32f1953961d360233613e10818c5398b36e57e888175099b005af646f00a3a82f8fb134690d1b1059ff5ec4fb5bd9ed21a692d68fbbc721b8ba35d74509a

  • SSDEEP

    24576:gT8rgnPp+RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRB:Qp+

Malware Config

Extracted

Family

tofsee

C2

43.231.4.6

lazystax.ru

Targets

    • Target

      0f17b0d4320240b6109bc8a25f505e09

    • Size

      13.0MB

    • MD5

      0f17b0d4320240b6109bc8a25f505e09

    • SHA1

      995e221404656216ce3ff4cd17f82b4b5bdd8c2c

    • SHA256

      d0eff54fcc3e55633eaf0b74e3e757cd17ac81abe8015cca3496b3f10f9a45d5

    • SHA512

      eeca32f1953961d360233613e10818c5398b36e57e888175099b005af646f00a3a82f8fb134690d1b1059ff5ec4fb5bd9ed21a692d68fbbc721b8ba35d74509a

    • SSDEEP

      24576:gT8rgnPp+RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRB:Qp+

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks