Extracted

• • Target

    6e290f6a03ebdb6a9a69a182f87814bc

  • Size

    13.6MB

  • MD5

    6e290f6a03ebdb6a9a69a182f87814bc

  • SHA1

    696826c3b5385b9982a5963de0bbc0685e85f085

  • SHA256

    17deb21e95231597fca9df3dc5dcc68d66e46e088d30ae63ab80496ca93aa405

  • SHA512

    ffaaec5a6c6022f9f12f7bf3dace85c8b6847fcc204edafd75a8f965de2f69cbdc4439787d6f8a9d33b33044f2ceda23e8e697439d9dcb8a72897b1f1a87d368

  • SSDEEP

    1536:mgrtnQ0lULhZotkxdIvblp95RdfSYQnp9EI8JH+PhN06iWWzBWzBWzBWzBWzBWzI:Y0lULRxdIjr9bEYQfWePhN06

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2