Extracted

• • Target

    4f4fdcdb43efb498d6ef18b6f1b4328d

  • Size

    11.5MB

  • MD5

    4f4fdcdb43efb498d6ef18b6f1b4328d

  • SHA1

    d0c601fdbab09097e1f59b04a4f54ba9b339c42b

  • SHA256

    83e1d2491d8ae3c7543581a3d0af1432400e16fa147ad9ce63637f140d07e6b9

  • SHA512

    06aeed134aacf8e5b8b6ff3b6c9ef29734b5a7ab4f8be8c137d5d2c100b7643ab2ddfefaa85081a665d87f231127aee1c1d2bf65cc26f842a3f28625004e9b4d

  • SSDEEP

    98304:iNWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllD:4W

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2