Extracted

• • Target

    504365551a406e82ac71872b066960e6

  • Size

    10.5MB

  • MD5

    504365551a406e82ac71872b066960e6

  • SHA1

    03af4ce319ee6b27aa816bb6a24a35ca606c140e

  • SHA256

    bb19283d50fe702280862d84abb9a72f6546de7d5f030bba4266fc589bb93bd3

  • SHA512

    0656f6cfcfc92e94a877dca8f7281576d1a247ce75f81e7ef1b14fe8b2f7edfc2f93a3ef6013f668f994b92dcc019fdc1759f10ef505c64f8e977dec7a56bd9b

  • SSDEEP

    49152:2ckGb22222222222222222222222222222222222222222222222222222222223:2ck

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2