Extracted

• • Target

    b93e35e817a1f4280693908ff91f1f74_mafia_JC.exe

  • Size

    14.7MB

  • MD5

    b93e35e817a1f4280693908ff91f1f74

  • SHA1

    23136bdf32692188464b0a9eae05c0d69028c496

  • SHA256

    24c25a017a0c219c93f2dec202507b2fe8040143c2a2ed2ed71ffbe2885d7f10

  • SHA512

    782720d3795a94aab59c1883501ace7499a0b64b80dc935eda1d65e561bce0dd816677ba0a4d9b5cf932b5a143bf8748560ef85382bfe4713b07a967e2b0f937

  • SSDEEP

    12288:9Vbj7zJB99tzBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBx:9JzXd

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2