Extracted

• • Target

    978dbbcd7fe5aef66e208b49220efe402292abb56754dd81ba61c10ec9bcc357

  • Size

    11.9MB

  • MD5

    b5072febf349daf9ec3efb305e919bbb

  • SHA1

    f897d5d432849eba226148bd301b19e6ded7c67a

  • SHA256

    978dbbcd7fe5aef66e208b49220efe402292abb56754dd81ba61c10ec9bcc357

  • SHA512

    bc46f4c9b859a47a60de9d99df7a8084c96373238e505122a222f0f9fbb89514adf29d247b622714c82be726866a9463dcbb2bb9d8fd88a63cd02ac2f1b2839c

  • SSDEEP

    3072:P8NYa2qJjULtTNupQyEC6pxhhfm5OcVi:PsRItTNKr2f45

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2