Extracted

• • Target

    74b207c88cf49d87489234697e01459a

  • Size

    14.8MB

  • MD5

    74b207c88cf49d87489234697e01459a

  • SHA1

    4b6aee7a8491f8af19baedab30e80198b4f4c395

  • SHA256

    819e8ea3bf2c3bd94269febabb6aa64c54cf542306ae38c35ad79862a3b25fcd

  • SHA512

    8b552b8e5724ebba31168c16759aea7035efc60b13eb203030aae6fc0adad1520ccf0da6371eabc2b61d96f646117c6699add6f6b1ea3247bf8e577443fbf554

  • SSDEEP

    24576:ngdy5yNM4444444444444444444444444444444444444444444444444444444H:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2