Extracted

• • Target

    770ad0a1aed7298166f4f22150a64fe1af49703506002bb16bb5eb8fb5b9d980

  • Size

    260KB

  • MD5

    32a0c50370e88cd274964acd32d2b201

  • SHA1

    9fe6f92ba1cb6289eb280b7e21e7c0f985b6666a

  • SHA256

    770ad0a1aed7298166f4f22150a64fe1af49703506002bb16bb5eb8fb5b9d980

  • SHA512

    36bd13d425361bc8f83d384bafbc0d225d57bfd24d31705ac6e8b08c3fd2f111241a834eaf07b16bc5f9b3c7b395e00fc5fb164033341ee1439daae55e239cd9

  • SSDEEP

    3072:3jMvBpGl8HLnr7BWz5KBqz7umHSZFLNTevQUwIse9U6BPLR7BxM/h3:4vBE+HLr7lqf7WRevaGLPLRNx

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistence

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1