Extracted

• • Target

    2cb8331dab2c0c108691947e56b4172716b1d23fd064a932d6202f7cf76feb39

  • Size

    172KB

  • MD5

    dafc043be699b11f059f25d3df8360d0

  • SHA1

    973a61daf7a94734fb1c8244b66042658f2642ce

  • SHA256

    2cb8331dab2c0c108691947e56b4172716b1d23fd064a932d6202f7cf76feb39

  • SHA512

    6e69e2488f170d9c453e8a41ce1a53ec372d097b1587c7c4351fc1b04fd1852e8ac23cfbfb11b02fd6627d2b67975b56450bc3f07058ee2c78b1e2b182eec9e2

  • SSDEEP

    3072:P6oBRcjQ0GCmBrGltChf8jytCeJxyYVCK+mQEryy:P61mBrGbywejyjKpOy

  Score

  10^/10

  tofseepersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2