General

  • Target

    2025-01-26_4c10a0e345e8808fc2ff9a25c590a34a_mafia

  • Size

    10.5MB

  • Sample

    250126-xkqfks1kgq

  • MD5

    4c10a0e345e8808fc2ff9a25c590a34a

  • SHA1

    c2831b0f2ff900245e0896508d937f51d9683320

  • SHA256

    2660543a9e16478ec15a63b15b36a5d0a705d6436e3331b1b7cbf295a9755347

  • SHA512

    ee62eabab1619df784770ccdf521d320fa0f6ffcefb15bde1e1f4d653a0f1cb9dc5a3bb7a2aaf2502eff32c59bbcba5c4ba89ce4638548ae49426e070d8204f9

  • SSDEEP

    196608:ZyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXn:UXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX3

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

    • Target

      2025-01-26_4c10a0e345e8808fc2ff9a25c590a34a_mafia

    • Tofsee

      Modular backdoor/botnet that carries out tasks on command from its C2 server; Tofsee plugins have historically been used for spam relaying, proxying, click fraud and cryptocurrency mining.

    • Tofsee family

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
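
The signature list above is a set of behavioural verdicts; the following is an added example (not part of the original report or of the sandbox's own rule set) of how the same verdicts can be derived from a sandbox event stream. The event records in EVENTS are constructed for illustration, and the service name, rule name, file paths and PIDs in them are hypothetical; the only values taken from the report are the two C2 indicators (43.231.4.7 and lazystax.ru). The pass is deliberately stateful, because two of the signatures ("Executes dropped EXE" and "Deletes itself") cannot be decided from a single event.

```python
"""Behaviour-based triage of sandbox events against the report's signatures.

Added example, not part of the original report. EVENTS is a constructed
event stream (hypothetical service name, paths and PIDs); the only values
taken from the report are the two C2 indicators."""
import re

# Indicators taken from the report.
C2_IPS = {"43.231.4.7"}
C2_DOMAINS = {"lazystax.ru"}

# Registry and command-line patterns behind each behavioural signature.
SERVICE_IMAGE_PATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
FIREWALL_POLICY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall|firewall)\b", re.I)
CMD_DELETE = re.compile(r"\bcmd(\.exe)?\b.*\b(del|erase)\b", re.I)


def triage(events):
    """Return the set of report signatures matched by an ordered event stream.

    Stateful on purpose: 'Executes dropped EXE' needs a file_write for a path
    that a later process_create executes, and 'Deletes itself' needs the
    deleting cmd.exe to name its parent's own image on the command line."""
    hits = set()
    dropped = set()  # paths written by the sample so far (lower-cased)
    for ev in events:
        t = ev["type"]
        if t == "file_write":
            dropped.add(ev["path"].lower())
        elif t == "registry_set":
            if SERVICE_IMAGE_PATH.match(ev["key"]):
                hits.add("Sets service image path in registry")
            if FIREWALL_POLICY.search(ev["key"]):
                hits.add("Modifies Windows Firewall")
        elif t == "registry_read":
            if GEO_NATION.search(ev["key"]):
                hits.add("Checks computer location settings")
        elif t == "process_create":
            image = ev["image"].lower()
            cmdline = ev.get("cmdline", "")
            parent = ev.get("parent_image", "").lower()
            if image in dropped:
                hits.add("Executes dropped EXE")
            if NETSH_FIREWALL.search(cmdline):
                hits.add("Modifies Windows Firewall")
            if CMD_DELETE.search(cmdline) and parent and parent in cmdline.lower():
                hits.add("Deletes itself")
        elif t == "api_call":
            # SetThreadContext on a thread in another process is the classic
            # tail of process hollowing / injection; same-process use is normal.
            if ev["api"] == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
                hits.add("Suspicious use of SetThreadContext")
        elif t == "network" and ev.get("dst_ip") in C2_IPS:
            hits.add("C2 contact")
        elif t == "dns" and ev.get("query", "").lower().rstrip(".") in C2_DOMAINS:
            hits.add("C2 contact")
    return hits


# Constructed event stream (hypothetical paths, names and PIDs).
EVENTS = [
    {"type": "registry_read", "pid": 1000,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Windows\Temp\xyz.exe"},
    {"type": "registry_set", "pid": 1000,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\svcupd\ImagePath",
     "value": r"C:\Windows\Temp\xyz.exe"},
    {"type": "process_create", "pid": 1100, "parent_image": r"C:\Users\u\sample.exe",
     "image": r"C:\Windows\Temp\xyz.exe", "cmdline": r"C:\Windows\Temp\xyz.exe"},
    {"type": "process_create", "pid": 1200, "parent_image": r"C:\Windows\Temp\xyz.exe",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="upd" dir=in action=allow '
                'program="C:\\Windows\\Temp\\xyz.exe"'},
    {"type": "api_call", "pid": 1100, "api": "SetThreadContext", "target_pid": 1300},
    {"type": "dns", "pid": 1300, "query": "lazystax.ru"},
    {"type": "network", "pid": 1300, "dst_ip": "43.231.4.7", "dst_port": 443},
    {"type": "process_create", "pid": 1400, "parent_image": r"C:\Users\u\sample.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\u\sample.exe"'},
]

if __name__ == "__main__":
    for sig in sorted(triage(EVENTS)):
        print(sig)
```

Run against the constructed stream, the pass reproduces six of the report's signatures plus a C2 match on both the IP and the domain. The two correlations worth keeping when adapting this to real telemetry are the file_write to process_create join (a dropped binary is only interesting once it runs) and the requirement that SetThreadContext target a foreign process; without the latter the rule fires on ordinary debuggers and runtime code.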
