General

  • Target

    2025-01-26_8cb343877091cfef4326d1070d6c2a08_mafia

  • Size

    14.5MB

  • Sample

    250126-w9z6mszqgn

  • MD5

    8cb343877091cfef4326d1070d6c2a08

  • SHA1

    555662e3c47cfee82d5f9c9cc0df5d9a7f3486c3

  • SHA256

    85d8f4fd6c63e91d2782da9f3dd72d96204f995ed083867ed7519870067ac304

  • SHA512

    111a46a6245da0ecfe0a46579de8da4ca9d823a0aeac5b6b9cbb1626e548b18477514a4b73bded1dfe7e759d3d92605833ea1d2a229aa09c6f7d9206a7be9448

  • SSDEEP

    24576:eEfmTNIkv/ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZF:3fot

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

    • Target

      2025-01-26_8cb343877091cfef4326d1070d6c2a08_mafia

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Tofsee family

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
