Extracted

• • Target

    955e4e4a56bf80a30636b0c34673cdd6a889aff6569331a5336e1606e7c1050c

  • Size

    136KB

  • MD5

    67291715c45c4594b8866e90fbf5c7c4

  • SHA1

    a86dcb1d04be68a9f2d2373ee55cbe15fd299452

  • SHA256

    955e4e4a56bf80a30636b0c34673cdd6a889aff6569331a5336e1606e7c1050c

  • SHA512

    703a9a69239ffe3bddf44fecf09136cb1e9872708d8e3d2d39f9904a4cc075d9e63d6b421bea8f1affeef855f8d9c5b903a517779777febaa84521824b4a07e1

  • SSDEEP

    3072:htd6tsZzcJ4vPX2sQ0mxrH6b6/Gz7KEMvFT:N6kAaHhpeb6+/kKE2T

  Score

  10^/10

  tofseepersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2