Extracted

• • Target

    05d7c671aacc749256eb4bff4bf6ba15

  • Size

    10.1MB

  • MD5

    05d7c671aacc749256eb4bff4bf6ba15

  • SHA1

    12b5be47bc40d49fed97a0ecbc61879c6527e3f7

  • SHA256

    75065fb333a2af48312ad3db7cd379895965031f095be5220b22b732ffd8783a

  • SHA512

    65952f6443c5972a86f8fbc714c2641f30871ddf29a3c2fe905eeb324aa46273c74889eecdb8b64b37336313c5df4ed4f421993d47f9e5938bb06018dc6b4ac2

  • SSDEEP

    98304:QNWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllT:GW

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2