Extracted

• • Target

    1986f6ee9a935c96a465c400744c572e

  • Size

    13.2MB

  • MD5

    1986f6ee9a935c96a465c400744c572e

  • SHA1

    b5864a9dd6ce06c058b3d250887d17b4c3a8e379

  • SHA256

    7628868df077a2dd4e9f8453321e02a0929d4ef979d9774532a40d1abd2253e4

  • SHA512

    3d396c9ad0886878e560f0742476344af2d367444f4a58b5881772091bcf2b01a793b197a6ed588c8d7dfba84479fd83441d495b37109b3f93ac1ccc3afeb1c4

  • SSDEEP

    24576:1jY+lg48SlJPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPv:wHSl

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2