Extracted

• • Target

    05ef9769c64b9e886e5278e450587dd4

  • Size

    13.9MB

  • MD5

    05ef9769c64b9e886e5278e450587dd4

  • SHA1

    c8dd39cf2725f1f4e778f1a3f40bbc54c12a072f

  • SHA256

    aa04b3d9d58fd65c35da8d55a4ef05bf0fc33b1f349826fcae0c7c6b4ad0415a

  • SHA512

    f7888b592715c1293195ae5a60d4206055cc1c96731f39d7e27b6ecc2609f9fd8884f5c890c6609cdfedde4fa32d04e9cc7b8e2885a1af3f617b7c3d81666279

  • SSDEEP

    24576:yjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBl:ynh

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2