Extracted

• • Target

    0ff6d6f73cc148a28c96697f54e22401

  • Size

    11.0MB

  • MD5

    0ff6d6f73cc148a28c96697f54e22401

  • SHA1

    12bd9b7cfbe94c370e8284d45cdeb006b718603e

  • SHA256

    9f211d7ac4b99edbc529e8f5c3c054b7921289f45028e6c7f1678054accb7db2

  • SHA512

    805f14ecec4058697fa44a9c2283518ac96ee897ed86cb7016d175a822a9eb28ba9923d3886bcd0304f2b8a0cdc7eacb93bd73dd0b85260025f7687adb47c7a8

  • SSDEEP

    196608:Lrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrn:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2