Extracted

• • Target

    064c41de0a4fb263cee19882e2caf28c

  • Size

    12.9MB

  • MD5

    064c41de0a4fb263cee19882e2caf28c

  • SHA1

    fb55bd1096c3b2b568065f375ed52b5906415648

  • SHA256

    541de955bd3be9a20807f5ab6d4023ac4b26e675ba0fa1fd2682a82aa81179e2

  • SHA512

    f8f8ed2d56ff5b5044808b1e72f94376b039349fd1cbc83256afdbfc412760db54a74fb9e5299ff0e833cc317f9c8641026d883e2ab7c011c36e55d8e236c7cd

  • SSDEEP

    12288:qz5RuW/D2OpqMtGHo/zDq1ousycoJl/////////////////////////////////n:hW/D2o5/Hq11coJ

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2