Extracted

• • Target

    2267e3a4b504a7cdf3c191f385a2233f40843ba18c06b7d745b8f78329537676

  • Size

    152KB

  • MD5

    8c49fb45ab38659a7e1c22685a2578c9

  • SHA1

    9c2e7120232d29d7bb75797d8256dafb8bb424b1

  • SHA256

    2267e3a4b504a7cdf3c191f385a2233f40843ba18c06b7d745b8f78329537676

  • SHA512

    4189f9fa47a92eee0456ceb4f90ac595abc83eebd003cfd88980018ec50075683a6fff00f20c418801d50057d61363795bfa1d4794cc0e7794a3067baf3450bc

  Score

  10^/10

  tofseepersistencetrojanupx

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2