
General

  • Target

    6579b65897fd523a9df7f1f271b83937

  • Size

    12.9MB

  • Sample

    240118-trpwvadgc4

  • MD5

    6579b65897fd523a9df7f1f271b83937

  • SHA1

    74efe89236c786277be4c231e3d0e31f37515cc9

  • SHA256

    a72fe0e974100d0d8d1bf79aed12e9ced6d30e1858d02d2cfa96346073de4555

  • SHA512

    479c3899f74cf5a7739532998edc1dddf274c74824f4ac4fa38a5b212700838ae0e2452ed17d1fc6bbc2ba274af9b1e45c142ca909f6078d3c52db2537e05396

  • SSDEEP

    24576:KUqa71YB5DHlommmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmn:KF15

Malware Config

Extracted

Family

tofsee

C2

defeatwax.ru

refabyd.info

Targets

    • Target

      6579b65897fd523a9df7f1f271b83937

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
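As an added example (not part of the tria.ge report, and not code belonging to Tofsee or to the sandbox): the Python below turns the report's indicators (the two C2 domains and the SHA256) and its behavioural signatures into checks that can be run over host telemetry. The event records are constructed Sysmon-style lines, not data from this run. The registry path assumed for the country-code lookup (`HKCU\Control Panel\International\Geo\Nation`), the service name `svchelper`, and every file path are illustrative assumptions.

```python
"""Hunt for the behaviours this report attributes to the Tofsee sample.

Added example, not code from the tria.ge report. EVENTS below are constructed
Sysmon-style records, not telemetry captured from the sandbox run.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report's Malware Config and hash sections.
C2_DOMAINS = {"defeatwax.ru", "refabyd.info"}
SAMPLE_SHA256 = "a72fe0e974100d0d8d1bf79aed12e9ced6d30e1858d02d2cfa96346073de4555"

# Assumption: "Checks computer location settings" refers to a read of the
# country code stored under HKCU\Control Panel\International\Geo\Nation.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
IMAGEPATH_RE = re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
SC_CREATE_RE = re.compile(r"\bsc(\.exe)?\s+create\b", re.I)
NETSH_FW_RE = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall\s+)?firewall\b", re.I)
DEL_RE = re.compile(r'\bdel\s+"?(?P<path>[^"&]+?)"?\s*(?:&|$)', re.I)

# Finding keys mapped to the signature names used in the report.
SIGNATURE_NAMES = {
    "creates_service": "Creates new service(s)",
    "modifies_firewall": "Modifies Windows Firewall",
    "sets_service_image_path": "Sets service image path in registry",
    "checks_location": "Checks computer location settings",
    "deletes_itself": "Deletes itself",
}


@dataclass
class Event:
    kind: str          # "process", "registry", "dns" or "hash"
    image: str         # image of the acting process
    detail: str        # command line, registry path, queried domain or sha256
    parent: str = ""   # parent image; needed for the self-delete check


# Constructed telemetry (service name, paths and benign noise are made up).
DROPPED = r"C:\Users\user\AppData\Local\Temp\6579b65897fd523a9df7f1f271b83937.exe"
EVENTS = [
    Event("hash", DROPPED, SAMPLE_SHA256),
    Event("registry", DROPPED, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("process", r"C:\Windows\System32\sc.exe",
          r'sc.exe create svchelper binPath= "C:\Windows\svchelper.exe" start= auto', DROPPED),
    Event("registry", DROPPED, r"HKLM\SYSTEM\CurrentControlSet\Services\svchelper\ImagePath"),
    Event("process", r"C:\Windows\System32\netsh.exe",
          r'netsh advfirewall firewall add rule name="svchelper" dir=in action=allow '
          r'program="C:\Windows\svchelper.exe"', DROPPED),
    Event("dns", r"C:\Windows\svchelper.exe", "defeatwax.ru"),
    Event("dns", r"C:\Windows\System32\svchost.exe", "www.msftncsi.com"),   # benign noise
    Event("process", r"C:\Windows\System32\cmd.exe",
          r'cmd.exe /c ping 127.0.0.1 -n 3 & del "' + DROPPED + '"', DROPPED),
    Event("process", r"C:\Windows\System32\notepad.exe", r"notepad.exe C:\readme.txt"),
    Event("registry", r"C:\Windows\explorer.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"),     # benign noise
]


def hunt(events):
    """Return {finding_key: [matching event details]} for the report's behaviours."""
    findings = {}

    def add(key, ev):
        findings.setdefault(key, []).append(ev.detail)

    for ev in events:
        if ev.kind == "process":
            if SC_CREATE_RE.search(ev.detail):
                add("creates_service", ev)
            if NETSH_FW_RE.search(ev.detail):
                add("modifies_firewall", ev)
            m = DEL_RE.search(ev.detail)
            # "Deletes itself": a child deletes exactly the parent's own image.
            if m and ev.parent and m.group("path").strip().lower() == ev.parent.lower():
                add("deletes_itself", ev)
        elif ev.kind == "registry":
            if IMAGEPATH_RE.search(ev.detail):
                add("sets_service_image_path", ev)
            if GEO_KEY_RE.search(ev.detail):
                add("checks_location", ev)
        elif ev.kind == "dns":
            if ev.detail.lower().rstrip(".") in C2_DOMAINS:
                add("c2_lookup", ev)
        elif ev.kind == "hash":
            if ev.detail.lower() == SAMPLE_SHA256:
                add("known_sample", ev)
    return findings


def matched_signatures(events):
    """Report signature names (in the report's order) that the telemetry reproduces."""
    found = hunt(events)
    return [name for key, name in SIGNATURE_NAMES.items() if key in found]


if __name__ == "__main__":
    for key, details in hunt(EVENTS).items():
        print(f"{key}: {details}")
    print("signatures:", matched_signatures(EVENTS))
```

The self-delete check compares the deleted path against the parent image rather than matching any `del` command, which keeps ordinary cleanup scripts out of the results; the C2 check strips a trailing dot so FQDN-style DNS log entries still match.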

MITRE ATT&CK Enterprise v15

Tasks