General

  • Target: 7d622157c4c9861a2bb4a1c5ffd85106
  • Size: 12.5MB
  • Sample: 240128-tck94schg2
  • MD5: 7d622157c4c9861a2bb4a1c5ffd85106
  • SHA1: 8950e8c7908624eecf9c59f978446f1cafa2fded
  • SHA256: 8dd3ef051e815d7e2e7bd153477614356dac6f34f6510a06e5a19a4f84a0fb9e
  • SHA512: 38d6ba9613e13f07e91db844d856fc87da698dadacc0086a0b63e2ad365292fbbbad571099d0c70ce73f682df8fc46e1a33a5614d8010a400d4d2af05f2c8db7
  • SSDEEP: 49152:BaBVqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqm:4

Malware Config

Extracted

  • Family: tofsee
  • C2:
    defeatwax.ru
    refabyd.info

Targets

    • Target: 7d622157c4c9861a2bb4a1c5ffd85106

    • Tofsee
      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
    • Windows security bypass
    • Creates new service(s)
    • Modifies Windows Firewall
    • Sets service image path in registry
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Deletes itself
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
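
The indicators above (file hashes, the two C2 domains, and the service image path behaviour) are what a responder would sweep telemetry for. The script below is an added example and is not tria.ge code or part of the original report: it copies the hashes and C2 domains from this report verbatim and runs a few matching rules over constructed key=value log lines. The log format, the host names and the log lines themselves are made up for the example, and the FirewallPolicy registry key used for the "Modifies Windows Firewall" rule is an assumption, since the report does not say which key or command the sample used.

```python
"""IOC sweep built from the report above.

Added example: this is not tria.ge code and not part of the original
report. The hashes and C2 domains are copied verbatim from the report;
the log format and the log lines are constructed for this example.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_HASHES = {
    "7d622157c4c9861a2bb4a1c5ffd85106",                                  # MD5
    "8950e8c7908624eecf9c59f978446f1cafa2fded",                          # SHA1
    "8dd3ef051e815d7e2e7bd153477614356dac6f34f6510a06e5a19a4f84a0fb9e",  # SHA256
}
C2_DOMAINS = {"defeatwax.ru", "refabyd.info"}

# 'Sets service image path in registry': the ImagePath value of a service key.
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)
# 'Modifies Windows Firewall': assumption for this example. The report does not
# name the key; FirewallPolicy is where persistent firewall rules are stored.
FIREWALL_POLICY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\SharedAccess"
    r"\\Parameters\\FirewallPolicy\\",
    re.IGNORECASE,
)

# Constructed key=value log format; values containing spaces are double-quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Hit:
    rule: str
    host: str
    line: str


def parse_kv(line: str) -> dict:
    """Parse one key=value log line into a dict (quoted or bare values)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def domain_matches(qname: str) -> bool:
    """True if qname is one of the C2 domains or a subdomain of one.

    Case-insensitive; a trailing dot (FQDN form in many DNS logs) is ignored,
    and a lookalike such as 'notrefabyd.info' must not match 'refabyd.info'.
    """
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in C2_DOMAINS)


def hash_matches(digest: str) -> bool:
    """Case-insensitive match against the report's MD5/SHA1/SHA256."""
    return digest.lower() in SAMPLE_HASHES


def sweep(lines):
    """Run every rule over an iterable of log lines; return hits in log order."""
    hits = []
    for line in lines:
        f = parse_kv(line)
        event, host = f.get("event", ""), f.get("host", "?")
        if event == "dns" and domain_matches(f.get("qname", "")):
            hits.append(Hit("tofsee_c2_dns", host, line))
        elif event == "process" and any(hash_matches(f.get(k, "")) for k in ("md5", "sha1", "sha256")):
            hits.append(Hit("tofsee_sample_hash", host, line))
        elif event == "registry" and SERVICE_IMAGEPATH_RE.match(f.get("key", "")):
            hits.append(Hit("service_imagepath_set", host, line))
        elif event == "registry" and FIREWALL_POLICY_RE.match(f.get("key", "")):
            hits.append(Hit("firewall_policy_change", host, line))
    return hits


# Constructed sample telemetry (not real logs); two benign lines for contrast.
SAMPLE_LOG = """\
event=dns host=WS01 qname=DEFEATWAX.RU. rcode=NXDOMAIN
event=dns host=WS01 qname=update.refabyd.info rcode=NOERROR
event=dns host=WS02 qname=notrefabyd.info rcode=NOERROR
event=process host=WS01 image="C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe" sha256=8DD3EF051E815D7E2E7BD153477614356DAC6F34F6510A06E5A19A4F84A0FB9E
event=registry host=WS01 key="HKLM\\SYSTEM\\CurrentControlSet\\Services\\abcdefgh\\ImagePath" value="C:\\Windows\\Temp\\svc.exe"
event=registry host=WS01 key="HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules\\{x}"
event=registry host=WS02 key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"
"""

if __name__ == "__main__":
    for h in sweep(SAMPLE_LOG.splitlines()):
        print(f"{h.rule:24} {h.host:6} {h.line}")
```

The domain rule matches subdomains of the C2 names because sandbox-extracted C2 domains are commonly contacted under host labels that the config does not list, while the suffix check with a leading dot keeps lookalike registrations from matching. Hashes are compared after lower-casing because telemetry sources disagree on case.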