Extracted

• • Target

    588f79d3105e2be8216d255a89374342

  • Size

    10.5MB

  • MD5

    588f79d3105e2be8216d255a89374342

  • SHA1

    7c3b870f5e0e486b77209196751105c6dd0d7628

  • SHA256

    41939e12368b1047b5a8680e93a04be3d9065d6d2c4469b0d47c64a5f459176b

  • SHA512

    ff1e8e1f2441ae678628c5c0fec184560c070ad1318ff4722b9bf833492db40dbcc51d0b77a671f9bc1c83c864bfcc240e88dd60111331c6e4d66e8f88df6340

  • SSDEEP

    196608:iV8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYg:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2