General
-
Target
2025-03-31_87c0a988a2cc0f609e9c4c5ec6c09135_black-basta_luca-stealer
-
Size
14.7MB
-
Sample
250331-srx2sasxay
-
MD5
87c0a988a2cc0f609e9c4c5ec6c09135
-
SHA1
983e99278ad072ab5fdb2555870110417ad93da4
-
SHA256
09786ee13ab212d77fc3d7a11b73694e87403851bc5ee418bd5251043fe9fc38
-
SHA512
b95651e026b5a6de9d67c60e85e06f5dee88b166edce2f02437c083998ef74ff3611cd3fb2c2cba3651303586d8c89688129b88fb4a14d537131f82eae48cb67
-
SSDEEP
6144:5f0DpcGWwuzeuCkzdJk0aXILjkXDev7D9+Fy3HOpYlHn5eyc4+uK1:5fYcGWtpaXIcSvQ1GHnxzj
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
2025-03-31_87c0a988a2cc0f609e9c4c5ec6c09135_black-basta_luca-stealer
-
Size
14.7MB
-
MD5
87c0a988a2cc0f609e9c4c5ec6c09135
-
SHA1
983e99278ad072ab5fdb2555870110417ad93da4
-
SHA256
09786ee13ab212d77fc3d7a11b73694e87403851bc5ee418bd5251043fe9fc38
-
SHA512
b95651e026b5a6de9d67c60e85e06f5dee88b166edce2f02437c083998ef74ff3611cd3fb2c2cba3651303586d8c89688129b88fb4a14d537131f82eae48cb67
-
SSDEEP
6144:5f0DpcGWwuzeuCkzdJk0aXILjkXDev7D9+Fy3HOpYlHn5eyc4+uK1:5fYcGWtpaXIcSvQ1GHnxzj
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Tofsee family
-
Creates new service(s)
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1