Extracted

• • Target

    2fc40cff07f1e60f6aa3c2e2a3d94c6d031573fd7eaddc865d396d3c27da583b

  • Size

    123KB

  • MD5

    9023fe87594e524cb743689038daa1d0

  • SHA1

    e9beebd569fd91ad7fbee9cd6fc31d736be0fc76

  • SHA256

    2fc40cff07f1e60f6aa3c2e2a3d94c6d031573fd7eaddc865d396d3c27da583b

  • SHA512

    e4452210eb19c93e94c7b1a722bd71564cef9e93b723dfddf893bc88f03e50f5dca055d3aca713a083632b9187a738d33497b15aa47d23493130be587dedb459

  • SSDEEP

    1536:e76oh6unW1dh3BpdOEeBW8aBFhrRFccloCtjbtXmEi8YJaXX:e704qr3BleB5aBXIcSCNbAlM

  Score

  10^/10

  tofseepersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2