General
- Target: 2025-01-27_d0b86455db24c48c02e9c9c129a7f98e_mafia
- Size: 11.7MB
- Sample: 250127-m9bzdawqen
- MD5: d0b86455db24c48c02e9c9c129a7f98e
- SHA1: 23b5fdd772bfcc4e8f05a37b9f570de988651afb
- SHA256: 4b50c7d858cfb0f17475894bb2e4594f1661d3d820e701c717ce35ecef8816a3
- SHA512: 66e975202ea3ef667e99f81a80bcd7f9a5e16c8f2eb31b704e08625b5aa467fd671d56d74019f1b8fa21b164a3dc358fe34102f306a98ca48f0d1991c5f313c3
- SSDEEP: 49152:0qE0YKr3fYPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPO:0qtYc3h
Static task: static1
Behavioral task: behavioral1
- Sample: 2025-01-27_d0b86455db24c48c02e9c9c129a7f98e_mafia.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 2025-01-27_d0b86455db24c48c02e9c9c129a7f98e_mafia.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted family: tofsee
- 43.231.4.7
- lazystax.ru
Targets
- Target: 2025-01-27_d0b86455db24c48c02e9c9c129a7f98e_mafia
Signatures
- Tofsee family
- Windows security bypass
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (technique name, number of matching signatures)
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)