General

  • Target

    2025-01-28_55b2bf14613a4eaba102c56e35b48354_mafia

  • Size

    11.9MB

  • Sample

    250128-lsxdbavngj

  • MD5

    55b2bf14613a4eaba102c56e35b48354

  • SHA1

    40e400f46bdc4dab10f8e8c98af32ffa8fab298e

  • SHA256

    65746616ce1a98e6c66240aed7eafafc1b00d11b8abbee7dc6adcc8d36d8aebf

  • SHA512

    ea8882e8bf71935d65c5313ebad2ae2a8cb48dd32c5b816bf622879c7b33aa391f93eadf8d02113e2d6feba8d1cb9572c24c2170f08bffc291537b650385576f

  • SSDEEP

    3072:HLBgXOXcdW8tar7vGdq8c7YMl2b8anmMXnb58XuDP9het3Zv1oSW1za2E+w5C2/G:eOMdRQr7OB0ypmMXnl8XEPM3noSWOCf

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Targets

    • Target

      2025-01-28_55b2bf14613a4eaba102c56e35b48354_mafia

    • Size

      11.9MB

    • MD5

      55b2bf14613a4eaba102c56e35b48354

    • SHA1

      40e400f46bdc4dab10f8e8c98af32ffa8fab298e

    • SHA256

      65746616ce1a98e6c66240aed7eafafc1b00d11b8abbee7dc6adcc8d36d8aebf

    • SHA512

      ea8882e8bf71935d65c5313ebad2ae2a8cb48dd32c5b816bf622879c7b33aa391f93eadf8d02113e2d6feba8d1cb9572c24c2170f08bffc291537b650385576f

    • SSDEEP

      3072:HLBgXOXcdW8tar7vGdq8c7YMl2b8anmMXnb58XuDP9het3Zv1oSW1za2E+w5C2/G:eOMdRQr7OB0ypmMXnl8XEPM3noSWOCf

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Tofsee family

    • Windows security bypass

    • Creates new service(s)

    • Modifies Windows Firewall

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.