Extracted

• • Target

    0a6f8d6155ae1fd81f089e2f2459d79a

  • Size

    10.5MB

  • MD5

    0a6f8d6155ae1fd81f089e2f2459d79a

  • SHA1

    9ed665dcff37925024f78a80001e88e230054146

  • SHA256

    790ff7291e4267aeaffdd71ea6767353b0f46ee27dc9b1d287797d2f403b0715

  • SHA512

    fa27d4bef6d28d06f326b236fd0f02679074c5fe8a24f7a796a79acfdf3a28fff91fd22dd7bd83e538813d67c4cf894f7114c41a8c384280943f8d77130f3646

  • SSDEEP

    98304:xbxPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPn:xb

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2