Extracted

• • Target

    570cb3c8f1b4128dccabb856d58cce88

  • Size

    13.7MB

  • MD5

    570cb3c8f1b4128dccabb856d58cce88

  • SHA1

    13a367d5217658076dea133c23f77b38d72c7e7a

  • SHA256

    ed12839b6d59af224c0160bb7431a252658952672b23436f0da75343ad30d9bb

  • SHA512

    5ceb0ab5dda28c22dca372a537270ad386e52a7ffefba94f508141641e6c0abd73e45dd5387b1640de2575d6c11fa808cfcca2d27ae93cae75065e265fafde1d

  • SSDEEP

    24576:kjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBX:knh

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2