Extracted

• • Target

    382332c0cbbed8ca202b2d2fd83957b8.exe

  • Size

    10.5MB

  • MD5

    382332c0cbbed8ca202b2d2fd83957b8

  • SHA1

    179b0a61c9dd9b1d8827b623bf2767a9c43e63ea

  • SHA256

    c0249a27be3f1b3031ddd40657f5c22b45977388454577489d4917e18cfa4353

  • SHA512

    251def2f2eab0b8b30ad1be114d58a430fdba4e45177cae10373589c124f29797efd0ff82026b8a6ebf185fae7b119e8217e1f225a5eab75b667281c94ff1c4b

  • SSDEEP

    24576:+jCj10HSqGgeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeO:+/D

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2