General

  • Target

    2024-12-07_62d58192a77785f2b84ea8d0e7e68ff8_karagany_mafia

  • Size

    12.5MB

  • Sample

    241207-w58l8asrfp

  • MD5

    62d58192a77785f2b84ea8d0e7e68ff8

  • SHA1

    f154f6b8d9f8192c2a5312c940a7f5496411ed97

  • SHA256

    eb0ea2494a23b87ee6c07bd492afce2f6a0481f4a160fbb67c73fe18ed01ccf7

  • SHA512

    f9c27a7a5f547780b5705969135d27de39fcbfba93b992f69c6a7ec4854cd38b33022e20912c076e6b78b55f1c050edca374869db41e76fa760c4d87cf0b85cf

  • SSDEEP

    6144:4XxZveEydmxZnXNMRaTuMUifWLKxNMMMMMMMbgb:4XzvvygxZnXxr+mxNMMMMMMMbg

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

    • Target

      2024-12-07_62d58192a77785f2b84ea8d0e7e68ff8_karagany_mafia

    • Size

      12.5MB

    • MD5

      62d58192a77785f2b84ea8d0e7e68ff8

    • SHA1

      f154f6b8d9f8192c2a5312c940a7f5496411ed97

    • SHA256

      eb0ea2494a23b87ee6c07bd492afce2f6a0481f4a160fbb67c73fe18ed01ccf7

    • SHA512

      f9c27a7a5f547780b5705969135d27de39fcbfba93b992f69c6a7ec4854cd38b33022e20912c076e6b78b55f1c050edca374869db41e76fa760c4d87cf0b85cf

    • SSDEEP

      6144:4XxZveEydmxZnXNMRaTuMUifWLKxNMMMMMMMbgb:4XzvvygxZnXxr+mxNMMMMMMMbg

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Tofsee family

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks