Extracted

• • Target

    3e23f8fd737c8e1c2b0999d8746b4e2d

  • Size

    14.2MB

  • MD5

    3e23f8fd737c8e1c2b0999d8746b4e2d

  • SHA1

    1bd7ce9a2bf41d9303951739a3647807cde20999

  • SHA256

    06b6618dfe6853cb91cdc20218faec93cc4fbc1a016d15e2106d82416488e2b5

  • SHA512

    a4681cb1174e987d796ffa4267285c61fbab6dae5bfba8c0fad303dbbc4f33931ea38de9d2715fef5274070327655d1151f8b4e45eafa6bdf4a638e5243c7f49

  • SSDEEP

    6144:00+ogoEtmYSAekxvC0J6xPFNAgbx/ektPses9zWTPGtYtYtYtYtYtYtYtYtYtYtn:qogo0Pekxvs1F2S/TtmpWr

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2