Extracted

• • Target

    f22195b83a3c4e02677a69e80c8b66fe.exe

  • Size

    14.5MB

  • MD5

    f22195b83a3c4e02677a69e80c8b66fe

  • SHA1

    22bb4f0bb5e5a74919c826951f6452379b5ab270

  • SHA256

    f0d18843cd2adf8eb01fb11839339c7f8ef134ace9f9d5a4f1bf4b6229808a07

  • SHA512

    93e9675c2f83bac2d27bb7df7c02e95208cddf763b020ee4c7655a79eff1b77b2afd7c6d695df66b429c429f03d1154bc6fdf0d0775b8c9144b4d271f8027c41

  • SSDEEP

    6144:X5VCb4QuzF5pIozzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz:J8NKF5p

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2