Extracted

• • Target

    2087dcbdd917f0c96f2e4067b4e63d49

  • Size

    13.1MB

  • MD5

    2087dcbdd917f0c96f2e4067b4e63d49

  • SHA1

    1b39f885512cf99e1f10a51308631a96f982f970

  • SHA256

    7dcf006ee2cc77b93ea32f21abf7cdf57032186f9a5bc5d9d7654179ff6e0170

  • SHA512

    6feba0192685c4c959b0d87c1501c4e7231a7a5bc20fda842fea9248c9a69e530b039cb7da5bed20cae25bd6dadf75a5df46bbf87da6273c72c52eb2f83fb29b

  • SSDEEP

    196608:PXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXH:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2