General
-
Target
2025-04-04_5b0fcf045ab97e45b05b4f876c34bf11_black-basta_luca-stealer
-
Size
14.2MB
-
Sample
250404-f7z5vsz1fz
-
MD5
5b0fcf045ab97e45b05b4f876c34bf11
-
SHA1
2910468ed6f64dec43cfab64213720dcfbffce77
-
SHA256
ebb8a9eab301ab50f19221fabf2a6433a1c8b762e621f9771d8a083c182ffd4e
-
SHA512
8a7f98a79b960928fcac1f721a30bdb1d5a8f56f0522dd4214896658d2aca5e03c068736f9b06c2b2690c58a5830a4a001fa1876b7c6ea1b8e8a57023346e272
-
SSDEEP
3072:ZUbMNIxnynf6ZmHexBK1DQKgrUNjuRCCH+AtUTRM/phZl+H81CCCCCCCCCCCCCCT:SAN6ynf6tx1ruuRFeAtoRMDx
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
2025-04-04_5b0fcf045ab97e45b05b4f876c34bf11_black-basta_luca-stealer
-
Size
14.2MB
-
MD5
5b0fcf045ab97e45b05b4f876c34bf11
-
SHA1
2910468ed6f64dec43cfab64213720dcfbffce77
-
SHA256
ebb8a9eab301ab50f19221fabf2a6433a1c8b762e621f9771d8a083c182ffd4e
-
SHA512
8a7f98a79b960928fcac1f721a30bdb1d5a8f56f0522dd4214896658d2aca5e03c068736f9b06c2b2690c58a5830a4a001fa1876b7c6ea1b8e8a57023346e272
-
SSDEEP
3072:ZUbMNIxnynf6ZmHexBK1DQKgrUNjuRCCH+AtUTRM/phZl+H81CCCCCCCCCCCCCCT:SAN6ynf6tx1ruuRFeAtoRMDx
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Tofsee family
-
Creates new service(s)
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1