Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
cbf5e424dc90b592d06e8f30f37c1e6b
-
Size
13.2MB
-
Sample
240315-vn9mhsdg5y
-
MD5
cbf5e424dc90b592d06e8f30f37c1e6b
-
SHA1
c036166895f21a873d666560bfd7e7fce142f260
-
SHA256
2e3bb86704384f0a25c46a9b79a7f2ae0168709d3560d94f92acfd51bd6a7637
-
SHA512
0fec8527110f2c75dc3cb6b61a97fe544596f1b1575a6ac025420fa9fdd651c3dc6c4db5dcc4e1bfb8b29d1bde34c3302f2801430a5140dc626edb4f7d0810d6
-
SSDEEP
6144:1KTDS3aiZOTXbKdags2FNxWUWF5zoINm/nu:QMaiZOT+dags21Wts9vu
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
-
Target
cbf5e424dc90b592d06e8f30f37c1e6b
-
Size
13.2MB
-
MD5
cbf5e424dc90b592d06e8f30f37c1e6b
-
SHA1
c036166895f21a873d666560bfd7e7fce142f260
-
SHA256
2e3bb86704384f0a25c46a9b79a7f2ae0168709d3560d94f92acfd51bd6a7637
-
SHA512
0fec8527110f2c75dc3cb6b61a97fe544596f1b1575a6ac025420fa9fdd651c3dc6c4db5dcc4e1bfb8b29d1bde34c3302f2801430a5140dc626edb4f7d0810d6
-
SSDEEP
6144:1KTDS3aiZOTXbKdags2FNxWUWF5zoINm/nu:QMaiZOT+dags21Wts9vu
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
2Windows Service
2