Extracted

• • Target

    4ae68e95f73ab79159997bb0a178cf3a

  • Size

    11.3MB

  • MD5

    4ae68e95f73ab79159997bb0a178cf3a

  • SHA1

    3f8ddf4c032336020214219e0b436293b2be083e

  • SHA256

    92f0f33e982af05c9e83905e30533e9d5b6e1e10020ddb843b10acaf27554e27

  • SHA512

    7114c1b19b52deba7c300b2aa440b9b0b507c6c1685aa882c38725ba328fb445fa224573fda4778db151c4f976449d49097112a723a2d5d8c57ac24215404e1d

  • SSDEEP

    12288:YRXQK44fy611111111111111111111111111111111111111111111111111111V:YRx2

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2