Extracted

• • Target

    2025-04-24_3e857b8845964ae9b52feb7c36f876c4_black-basta_elex_luca-stealer_smoke-loader

  • Size

    12.2MB

  • MD5

    3e857b8845964ae9b52feb7c36f876c4

  • SHA1

    769b2d781be45eaa0090567806e5268c7b4d1626

  • SHA256

    50790f2b43a0271d33809f8aecd5e081f6077cf9b68be0c5b448cb47c3228ebd

  • SHA512

    eedcf4ff22e985e5c650cacfa6d4e980c48e234d43c1fc35b4d959c64fedc1aa0f7435fc71f7e2019af33c2540cdf0ae3cd494517c1bced02d2099cdc0c64faa

  • SSDEEP

    49152:ij1ctttttttttttttttttttttttttttttttttttttttttttttttttttttttttttP:ij1

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2