Extracted

• • Target

    1971f29dbe7038f50552cff2c3a56ab15f941bcd90bea3404961f109eb77360a

  • Size

    10.9MB

  • MD5

    3b4ec4dce6bbf75afbcae31112bc54a1

  • SHA1

    084e1cdc66b1eed1a8dd37391ff4c5a6239e5267

  • SHA256

    1971f29dbe7038f50552cff2c3a56ab15f941bcd90bea3404961f109eb77360a

  • SHA512

    566d098f0bbad9eea09a06e89d97de6a0e46f101d06ddf3bf6ce5506d0dcbd1388a4e7c3ca6ca54045b83cb1a1c961a58206c2bee68d1ada9c3b71146d1f2452

  • SSDEEP

    3072:9AS2oAKtZZy2m4zRwhIuGi9Pf2AG/7999999999999999999999999999999999T:9A7KtDyv4lwh7S

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2