Extracted

• • Target

    2025-05-08_4affb119061c0bcd410d59e9f62121fb_black-basta_elex_luca-stealer

  • Size

    13.6MB

  • MD5

    4affb119061c0bcd410d59e9f62121fb

  • SHA1

    c83845ed7560e067a3754ad0cf1f46b39a7a5cfc

  • SHA256

    519f3ab2416638a1fbfba84faf1f41fb94ddc62d928de1541b90a5cf8ba769f5

  • SHA512

    3c1ce945e6e9c21692c5fe324b2dbbbb8b2cbd02aad4e3904c3f918dda05991430eb00fe1cd21c2617aa8b3aa4f846c0a06266dacbad7a97a144ccffb38d1e9b

  • SSDEEP

    12288:vQvccP/JGo5Idddddddddddddddddddddddddddddddddddddddddddddddddddw:YvcMAQF

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1