Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ff7abacc6e...18.exe

windows7-x64

10

ff7abacc6e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff7abacc6eb717ab0762f0b2f77bc28a_JaffaCakes118

  • Size

    11.8MB

  • Sample

    240421-rqh1ssdf3w

  • MD5

    ff7abacc6eb717ab0762f0b2f77bc28a

  • SHA1

    4f52a940cfd2ec6e553f2e1a8a736c990bd65a40

  • SHA256

    d8369336f4c5bab691e2fc846c783ac565c2a935a43ae3d982847cf8321f3a97

  • SHA512

    49ed6f215b007569122e2be67b3e1864656cf0038c127e2035fe1ea6c26d7b6be4f074f7cefdf93892eff8821f4c121d4b69450d6dccf567df953c01c4a49619

  • SSDEEP

    196608:wV8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYf:

Score
10/10
tofseeevasionpersistencetrojan

Malware Config

Extracted

Family

tofsee

C2

43.231.4.6

lazystax.ru

Targets

    • Target

      ff7abacc6eb717ab0762f0b2f77bc28a_JaffaCakes118

    • Size

      11.8MB

    • MD5

      ff7abacc6eb717ab0762f0b2f77bc28a

    • SHA1

      4f52a940cfd2ec6e553f2e1a8a736c990bd65a40

    • SHA256

      d8369336f4c5bab691e2fc846c783ac565c2a935a43ae3d982847cf8321f3a97

    • SHA512

      49ed6f215b007569122e2be67b3e1864656cf0038c127e2035fe1ea6c26d7b6be4f074f7cefdf93892eff8821f4c121d4b69450d6dccf567df953c01c4a49619

    • SSDEEP

      196608:wV8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYf:

    Score
    10/10
    tofseeevasionpersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Windows security bypass

      evasiontrojan

    • Creates new service(s)

      persistence

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.