Extracted

• • Target

    3c7b639b7991255518ac3ff7a9cd7926

  • Size

    13.0MB

  • MD5

    3c7b639b7991255518ac3ff7a9cd7926

  • SHA1

    78df0e627aef3c579512f8a2f80868144d363c0a

  • SHA256

    ede12aae367dc234d5043dfb40537182d2fd9874c7165b8c9edca4a210ad14c2

  • SHA512

    20f98dd5c76b3a2f2cc7892ac0f9ccc056edd971b818cea297a4be64d645265df116c269ac60f60e5b8e034b5617ce59493895ba223a3bb823b130121c74a33e

  • SSDEEP

    196608:rzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzb:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2