Extracted

• • Target

    4767e376710ac4114a9c3305f472c15d

  • Size

    13.7MB

  • MD5

    4767e376710ac4114a9c3305f472c15d

  • SHA1

    c38157a2799b23cb819adafa55deaf4db2ce2f96

  • SHA256

    aab38529a26fd7fc205b84f30492f5e0c34777da64f0bcf19be60008982e5a30

  • SHA512

    b3188bbbe7ed7b155706ebc030be560e6767a448e6b27fb69cae57ce8201477b37558e097265dac2fa739021ea7868f693032ecd39a25d2e33b171d5f5d2c6dd

  • SSDEEP

    24576:yjY+lg48SlJPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP:9HSl

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2