Extracted

• • Target

    0d182f5341367e6d26916b6e009496be

  • Size

    14.8MB

  • MD5

    0d182f5341367e6d26916b6e009496be

  • SHA1

    f12ebcbc8fc57312edf88d261f493fcf2f1b7269

  • SHA256

    4c39affb8098b65b972a1c3fa7dc4bb8435f89866780d6e80d29b83a7db44694

  • SHA512

    563498012cd53421efce4ac1800c8a3496bccccca6962e5dc5c25ae2ca8dbd2f14ed96da4914c6426b323e37edf4a86394bf565a34c0af742a39022bb292aa5e

  • SSDEEP

    49152:wRBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBp:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2