Extracted

• • Target

    594d6a2895b1881cd97b7cfb922c626010318fbee43feab7cb637d5ed869086c

  • Size

    10.2MB

  • MD5

    eea68bf2ded6d4a1f83621d9cc95996b

  • SHA1

    1be80d3f418354fd5dbafe7fb257daafa66dc007

  • SHA256

    594d6a2895b1881cd97b7cfb922c626010318fbee43feab7cb637d5ed869086c

  • SHA512

    3c23d9d4c46cab30a20aa5dacb98fe78526399a29c9c063de3e84b0fb3660f1edf659add5aa373e299cee7fb758c93c8cbd278ded8d998c8dcf9134d5166b8d3

  • SSDEEP

    98304:b99999999999999999999999999999999999999999999999999999999999999H:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2