Extracted

• • Target

    3d9950da93cd49e077a9fb67b0a11083.exe

  • Size

    128KB

  • MD5

    3d9950da93cd49e077a9fb67b0a11083

  • SHA1

    c6b1c27c60292fefa90abc09e261ff9dd54020a2

  • SHA256

    e1fc8f07140626773a91b52bf11c04eb4039785717f8300c1bdc531a3fd08d73

  • SHA512

    97ed78b23d5e779af42648c8e1f5097275f695ca4af3a1bff4063d1f33b7004813e483f07e0821f422e84542ba6f3df3729d1f84512561193a3c2a9c08321648

  • SSDEEP

    1536:j7LpUvW+mft5vqRNGxlk8ECwqJgIUMh6h8azcJJgONJ8jXBA2:jRU8fRxlk0wqJguK8ScJ+ewA2

  Score

  10^/10

  tofseepersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2