Extracted

• • Target

    2025-04-04_7d6f1b4748e144af0c92e4217f914723_black-basta_luca-stealer

  • Size

    10.1MB

  • MD5

    7d6f1b4748e144af0c92e4217f914723

  • SHA1

    aa592d916899beed262bfc9a71aeeef0048835c2

  • SHA256

    e7b496e063b128d643db2da1369603b9578fe6e9c1eac173851fc6eada32367c

  • SHA512

    60e5505a06355d76b348f5e78047c6fee8e6a35708ef1da3688231d2fbbfe6360119345fd8cbedb5cd13e8d833caa6558047bf191a1995dd45869586db077d5c

  • SSDEEP

    49152:Hz6yiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiix:Hu

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1