Extracted

• • Target

    0c7824fd2d1717ce83f2c7a6522047c4

  • Size

    12.7MB

  • MD5

    0c7824fd2d1717ce83f2c7a6522047c4

  • SHA1

    4849c18f94170bd876a2b0653763c04ebe61cfc4

  • SHA256

    59b5b9da2fdcee0b843246228a6eace2de8e5f20a82e2ed7df64e78f657f8772

  • SHA512

    eae3dd61afae33e900953fb0bf4f1e994c4df8bf2c3d7ed3581a8e06801857373bc2cad25a518825c62b829eb61cc286169bf3cefc43f9b818ab937b24e7cf94

  • SSDEEP

    24576:FjDuKnh7YzbKBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB5:Fnh

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2