General

  • Target

    bc9734c2cc8f0ce729606a1094139e5e

  • Size

    11.7MB

  • Sample

    240309-xypq7sfh88

  • MD5

    bc9734c2cc8f0ce729606a1094139e5e

  • SHA1

    9ba350559fdc66ad89cfaa88374dddcefd49ea37

  • SHA256

    dc9b51704541b43494bab704763d5f593a560cd758fd8d1aba1817a9a4ebd6b5

  • SHA512

    ed704ce7597efd3cb4e1ebb7acb3dacbc53f4f0819cf800ead36a07c7044d01115994303b467330ccd7c9a07bd40f46279ccb05abc528508bb41a86187885040

  • SSDEEP

    24576:ajCj10HSqGgeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeO:a/D

Malware Config

Extracted

Family

tofsee

C2

defeatwax.ru

refabyd.info

Targets

    • Target

      bc9734c2cc8f0ce729606a1094139e5e

    • Size

      11.7MB

    • MD5

      bc9734c2cc8f0ce729606a1094139e5e

    • SHA1

      9ba350559fdc66ad89cfaa88374dddcefd49ea37

    • SHA256

      dc9b51704541b43494bab704763d5f593a560cd758fd8d1aba1817a9a4ebd6b5

    • SHA512

      ed704ce7597efd3cb4e1ebb7acb3dacbc53f4f0819cf800ead36a07c7044d01115994303b467330ccd7c9a07bd40f46279ccb05abc528508bb41a86187885040

    • SSDEEP

      24576:ajCj10HSqGgeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeO:a/D

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks