Extracted

• • Target

    2025-04-04_2b38f0d01493739cc0b4702cfe36054b_black-basta_luca-stealer

  • Size

    13.8MB

  • MD5

    2b38f0d01493739cc0b4702cfe36054b

  • SHA1

    c106bfc42bf39270eee13ad6412e62e07a2b6d6d

  • SHA256

    d7ffb4ed6f97e42e499712522f5bdb5ce2452571aff71236d1005419691ec13b

  • SHA512

    198743360c536337959ad79d441551e65aa345104cfc02d9268c389ba40785bb3604858f59f226777cc773c09e5ac752c9e29c1104d7bf2d8c8e2b7db25dc553

  • SSDEEP

    49152:3/Luuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuus:3w

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1