Extracted

• • Target

    772799dc3cc78684ab3fa3d2f8ab4114ff89c93dd86894e4f0c4260e66bd52dd

  • Size

    172KB

  • MD5

    3ecfd607b442733a2110fadc800351f4

  • SHA1

    9ac1528965ef536b90e4d71b32d19663594b2503

  • SHA256

    772799dc3cc78684ab3fa3d2f8ab4114ff89c93dd86894e4f0c4260e66bd52dd

  • SHA512

    7e666c00dc83e6f974707baa2c7cc7bc29e269fcce68fe23103385c536bb211712dfcaff1dc33e4481538ce99dfe4ea8e6a4e0802286a80d0de6b39fef682a4f

  • SSDEEP

    3072:j7wuODVbE2EPaZ9JwteJiO9RLk2/4IUT5ks77+Jkqk94tuS9TMMi5aspL:XbGVvasNQ777+7/oIQMqvL

  Score

  10^/10

  tofseepersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2