Extracted

• • Target

    01712cc25c0c3cfcfab253e2cad522cd

  • Size

    12.8MB

  • MD5

    01712cc25c0c3cfcfab253e2cad522cd

  • SHA1

    93696f36d9ce738af89157525cdf9aeaf4865281

  • SHA256

    7d18bef53b53754a23ae16ded0805921fd40ee40e507fc80460a92615fe4b04b

  • SHA512

    0ae8306a2a045300c2a0cf6eb1aa08fdc10ad7c155c6ccfa2deb1bad4330e383063bb16b5ff136466c440d0b33ee8da92a0c9c2159c38b6ef2173cf6571f0bae

  • SSDEEP

    98304:uKlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllB:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2