Extracted

• • Target

    310d54057b0e553d230284fdcdd1ead1

  • Size

    335KB

  • MD5

    310d54057b0e553d230284fdcdd1ead1

  • SHA1

    9dab1c464e3d8e4551070e854509d4b4aae903ac

  • SHA256

    f303448daa6e0457f26ae9a14cb80bf592b31550a1cb8fdc284c6bbe87494f42

  • SHA512

    53c1380cd2d322a66551205246bbf9ed0803e70c5e880c4a11c1c1b33db533ce8137ee9805987a6c2979a5ab21207680e8cda05195cfadece8861d1b785a05cb

  • SSDEEP

    3072:FkAgDr/XSqon0LUwWQ2UHxqms7/7btm52yls2LC5J8ZWwoQSwgeb7hiOiPg0tGis:FkhDr/+0LUdbKhsMs268UoSwrb7SpG

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2