Extracted

• • Target

    23e4f36a53a03c4b9bc31c8bb8a6eb2a9647ec8b2ba5b4d8dccf4f80b6ff9abe

  • Size

    98KB

  • MD5

    e7108d1c5bbdb323e604f85f9293c3bb

  • SHA1

    ed59cb4f3d4ce8e98e638954e610f57d036cbf5e

  • SHA256

    23e4f36a53a03c4b9bc31c8bb8a6eb2a9647ec8b2ba5b4d8dccf4f80b6ff9abe

  • SHA512

    1fd5f4d92e940d2db3003b77668e5cc5227e9c4b43ef2baaf882157876337d47bb964e8eefa37db1d20dd9c712f508e8ab015d73bd7932c8b86a494f1d8f54e9

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2