Extracted

• • Target

    09fb3144de867e7c169487caa0e1ce08.exe

  • Size

    10.8MB

  • MD5

    09fb3144de867e7c169487caa0e1ce08

  • SHA1

    339bb8c2d5ef3e6b09a0fd6724016888b10dbc5d

  • SHA256

    a00203b2864830c0bb300c4e894c874051b6514d1ef96064bfa1032eab8392b8

  • SHA512

    88186ce4e3873d85371cb291a8a2c5b47540e31d05ba61da50e5495cce517f6a420d5a1f22df64af2543c1f01c291c19f6e7fb6987a707837d2340f972d48ac7

  • SSDEEP

    98304:/jhd88888888888888888888888888888888888888888888888888888888888Q:/

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2