General

  • Target

    2025-01-26_15690cfc6f103df9ee6ec8ce20fdebc3_mafia

  • Size

    10.4MB

  • Sample

    250126-xfn2ys1jfk

  • MD5

    15690cfc6f103df9ee6ec8ce20fdebc3

  • SHA1

    6e665418d284d8b938d051bafa7e21b3ba86c80f

  • SHA256

    705eafbde7f8167554b1d394de00d91d5510106c42dfb00c9cc39685c002a3cf

  • SHA512

    20b5effaeddf8efdf41e3b0e7d9ccbbb166bb71757e66b2b9f7b99c6d6d0e3e72f2166fd191a9ed20e2dbc6b8bfd744fe2c727c42210ebd9bd0b773a9b81aec7

  • SSDEEP

    24576:IEfmTNIkv/ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZd:Ffot

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Tofsee family

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
