Extracted

• • Target

    14db623bcfca3403b962630d14a09562

  • Size

    10.6MB

  • MD5

    14db623bcfca3403b962630d14a09562

  • SHA1

    ba07d90e558e096269d34f1acbba7f8069630296

  • SHA256

    5abc8872bfbbfa843fe5e832a67b5b1b5f4cdc871f85f199d41d997394f6e759

  • SHA512

    a3bc843100e6fb7c02a35a5e42968df4a7bd56837393d440252cc423636c1c0e7a8eb59355eeae68b67965e7e2847df98e455ed0173014797016f0c91b819455

  • SSDEEP

    49152:Pjrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrn:v

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2