Extracted

• • Target

    8d9c56dd31909b6e89e25507675c6b7b

  • Size

    10.5MB

  • MD5

    8d9c56dd31909b6e89e25507675c6b7b

  • SHA1

    3ba5ad56462e318ba115347b0d9f7f2075a0ffa1

  • SHA256

    45421b836d628ab8b92c45da0527d16716877b0d829619a7cd0106a5c0215a6c

  • SHA512

    cc0d1884c22f58538720c03b702b11c525555877c4ccab5d625701ecc04e87f12606fcc078721fe5475bb694d46929200811f2ed92734ad2fdbfaf2bc2b7377a

  • SSDEEP

    49152:vgMttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttl:v

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2