General

  • Target

    ff7abacc6eb717ab0762f0b2f77bc28a_JaffaCakes118

  • Size

    11.8MB

  • Sample

    240421-rqh1ssdf3w

  • MD5

    ff7abacc6eb717ab0762f0b2f77bc28a

  • SHA1

    4f52a940cfd2ec6e553f2e1a8a736c990bd65a40

  • SHA256

    d8369336f4c5bab691e2fc846c783ac565c2a935a43ae3d982847cf8321f3a97

  • SHA512

    49ed6f215b007569122e2be67b3e1864656cf0038c127e2035fe1ea6c26d7b6be4f074f7cefdf93892eff8821f4c121d4b69450d6dccf567df953c01c4a49619

  • SSDEEP

    196608:wV8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYf:

Malware Config

Extracted

Family

tofsee

C2

43.231.4.6

lazystax.ru

Targets

    • Target

      ff7abacc6eb717ab0762f0b2f77bc28a_JaffaCakes118

    • Size

      11.8MB

    • MD5

      ff7abacc6eb717ab0762f0b2f77bc28a

    • SHA1

      4f52a940cfd2ec6e553f2e1a8a736c990bd65a40

    • SHA256

      d8369336f4c5bab691e2fc846c783ac565c2a935a43ae3d982847cf8321f3a97

    • SHA512

      49ed6f215b007569122e2be67b3e1864656cf0038c127e2035fe1ea6c26d7b6be4f074f7cefdf93892eff8821f4c121d4b69450d6dccf567df953c01c4a49619

    • SSDEEP

      196608:wV8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYf:

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks