Extracted

• • Target

    2025-04-04_848ac202b7452558d4b1ae14a77fbb8c_black-basta_luca-stealer

  • Size

    10.0MB

  • MD5

    848ac202b7452558d4b1ae14a77fbb8c

  • SHA1

    3fdf2e6e38ade48a8944e99bdacf22aec6a7a73e

  • SHA256

    5ea9b15b646c6304171c9d34449073332c6a22f780f6946588c4f266260b65c7

  • SHA512

    f9b9aed63f0c3c5833d00b3ddd5bda1f172cae98e9c7361d7d35043d88f3ec44503549cb620b08cd5a7de819537fe26e236491086edb7b4fc998410baadbdf27

  • SSDEEP

    49152:L/LuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuP:L

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1