Extracted

• • Target

    2025-04-04_5bd9842cbb237359047509b9ffb0f74c_black-basta_luca-stealer

  • Size

    10.6MB

  • MD5

    5bd9842cbb237359047509b9ffb0f74c

  • SHA1

    af0694c224af6d85bd32376a9aa713f82ee9c5a4

  • SHA256

    fabedd05d1db20e61258c1865fa6cd8179d3cf6458cfc720616fe11478b2b3b6

  • SHA512

    9b32c899c52bf42e12bc27c3491a7d993278bf2d61f6447931484ab203741e22a55167f9571a3997164d4b7bda795201c963517a8a88da3037592c72b963b62e

  • SSDEEP

    3072:/d/4YU1GznYfU+kBGsrOp7XwL0wMjKRaD8ll3//0N0N0N0N0N0N0N0N0N0N0N0NC:lAJGznKpe89gLlMOoD4K

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1