General
- Target: 2025-02-02_5069176565dc2981746a77fa16c53fba_mafia
- Size: 13.8MB
- Sample: 250202-bbcbpsznan
- MD5: 5069176565dc2981746a77fa16c53fba
- SHA1: ed2dff175469027b24f876eb93a698e769330b67
- SHA256: 8b5a317e4866d667963374a2c73acafd3989fce97969edd0b00501f13a9daceb
- SHA512: 6585f68847f03bd452b581399a4287dac5f37378854ae8c6049f0a8594a0f2486a04fa777abd2e24355783e4f1b1646bbef5660733a4d0cf7c1e9ff74ebf3dd5
- SSDEEP: 393216:hXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 2025-02-02_5069176565dc2981746a77fa16c53fba_mafia.exe
  - Resource: win7-20240708-en

Behavioral task
- behavioral2
  - Sample: 2025-02-02_5069176565dc2981746a77fa16c53fba_mafia.exe
  - Resource: win10v2004-20250129-en
Malware Config
- Extracted family: tofsee
- C2: 43.231.4.7
- C2: lazystax.ru
Targets
- Target: 2025-02-02_5069176565dc2981746a77fa16c53fba_mafia
- Size: 13.8MB
- Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above

Signatures
- Tofsee family
- Windows security bypass
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Defense Evasion
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)