Extracted

• • Target

    04247444c63e4da32d03fd19d206dc7b

  • Size

    13.2MB

  • MD5

    04247444c63e4da32d03fd19d206dc7b

  • SHA1

    fce62816cc19fe0b77f7d271da20ba21233b2537

  • SHA256

    bbcbc46423a4de598202fb1eb951a6889a14f5a00f4ce2d5a17cc077e72a8b86

  • SHA512

    eac1585568e6a0bb7fef0aaac97f8210a7a4e2ea5aec26a01ea8b76ee2305938e650e49abe03f0ed85ca7e43f416e054f7b2a6b183c347945fcb35b50e65b5d6

  • SSDEEP

    49152:o8KGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG2:o8

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2