Extracted

• • Target

    511fa335e111d3cee40cb12f7a9746ab

  • Size

    13.0MB

  • MD5

    511fa335e111d3cee40cb12f7a9746ab

  • SHA1

    75a5b2a0fc672d4d20e9db3d61d4790fb8cfd643

  • SHA256

    2c2f2fcc1e60c02335872cf79d5f172a9dfa49a8dfc95255c69af8bb418364e6

  • SHA512

    47921214a1d972b1010381c345d1ab6f13a5f5c74d0f15ec2397df866c22352871bf57fdfccc0d0af577ac6c136e4b0dd38fa994844dd1b71c3b2250abee9082

  • SSDEEP

    49152:uVwj1RzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzX:2M1

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2