Extracted

• • Target

    03a89ba2c406fa77df7d69b272c61e64

  • Size

    11.9MB

  • MD5

    03a89ba2c406fa77df7d69b272c61e64

  • SHA1

    059f965ad5651c5ffacd8ec1628cfe2938679bcf

  • SHA256

    fb27e9ed9c3404d7e40c916b8ca7de5f628093e85d4ca60d19538bad9ecce4c4

  • SHA512

    cdc568cfce3194970b6efb8426a87ebc60a7ba92fd6f5b8e2198ee38bc37a768f101023bf3a81389c52ad3dbe72791446896fc00edabefd2f7d715b840a15a87

  • SSDEEP

    24576:dgdy5yNM44444444444444444444444444444444444444444444444444444440:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2