Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...82.exe

windows7-x64

10

JaffaCakes...82.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_e09854897ea07aeb941df72b254b6e82

  • Size

    189KB

  • Sample

    250210-3wj1tssmaj

  • MD5

    e09854897ea07aeb941df72b254b6e82

  • SHA1

    ddb844c3f35658a5e49bcbba53e0ccc60b79eb1c

  • SHA256

    8098bb89f581040c254b1665f60650ca4757bc4af00f41f5a9e68acb215dc719

  • SHA512

    831b1a6dc4afd07112d8912127e9e4587da597958d164afb79a5c8dbb38cfb11b4950dcbb8eae006b49945a54c1595ed497968e3120e46cae16535adee847feb

  • SSDEEP

    3072:wYI7LgYtYDIdAUDccd6evmek94zeCI3YeS:6Ksd9d6Ik93CIzS

Score
10/10
tofseediscoverypersistencetrojan

Malware Config

Extracted

Family

tofsee

C2

91.121.4.118

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

    • Target

      JaffaCakes118_e09854897ea07aeb941df72b254b6e82

    • Size

      189KB

    • MD5

      e09854897ea07aeb941df72b254b6e82

    • SHA1

      ddb844c3f35658a5e49bcbba53e0ccc60b79eb1c

    • SHA256

      8098bb89f581040c254b1665f60650ca4757bc4af00f41f5a9e68acb215dc719

    • SHA512

      831b1a6dc4afd07112d8912127e9e4587da597958d164afb79a5c8dbb38cfb11b4950dcbb8eae006b49945a54c1595ed497968e3120e46cae16535adee847feb

    • SSDEEP

      3072:wYI7LgYtYDIdAUDccd6evmek94zeCI3YeS:6Ksd9d6Ik93CIzS

    Score
    10/10
    tofseediscoverypersistencetrojan

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

      trojantofsee

    • Tofsee family

      tofsee

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks