Extracted

• • Target

    ad337ce79554bb2987453a9a97b17c5b.exe

  • Size

    12.0MB

  • MD5

    ad337ce79554bb2987453a9a97b17c5b

  • SHA1

    008ac0011ad0f350fc6ad1ff8871b38f204f4120

  • SHA256

    e847764440b547a703d2394b9b108ebf7d596d364099004452342e3f86d10f92

  • SHA512

    1137e93651dbffa441218bc9eaf2063078abeb83738de7fee878035adfeed827a5070cf6e00ce14d26d24d6a2d4bb834f35402e378226d70e0be5124db499c36

  • SSDEEP

    12288:+B9zHI0G+1OD5eLRriDvvZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZF:+BRXLlo

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2