General

  • Target

    26c40137d44baffaed0feef784b5a6bd

  • Size

    14.7MB

  • Sample

    231231-d9x26sbgaq

  • MD5

    26c40137d44baffaed0feef784b5a6bd

  • SHA1

    cbd0f74afe260641d62a4020e6d3f00d56c14e75

  • SHA256

    5363de7557a8cea70d59831cdeb9f42268f0d8628168c343bcd8f09851d0b6c2

  • SHA512

    12f9c4a04590c72c75796eebcd06e7f8f7c94bd5495c57dee75ab9abbf6d3c8bca8be8edb4d86e2a17cff88116c4449fba491b201cf194859c259f75ae98b4c3

  • SSDEEP

    98304:Bffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffn:

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

    • Target

      26c40137d44baffaed0feef784b5a6bd

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks