Extracted

• • Target

    a2dac4450c8268e2c3ab41b28da9f6de

  • Size

    13.3MB

  • MD5

    a2dac4450c8268e2c3ab41b28da9f6de

  • SHA1

    4c112829564be4fd7208b5388b641a8ab68eefb7

  • SHA256

    a6f0edcc4248c96cf33015626c80868eb1c9ed47198317c7add48ce23638c83f

  • SHA512

    bc58ad5a68d7f3238bc59d775b28fc195859f3b42f20cf12dc8748d7f2e4e5d25d7080cc260990262f5d5760ecf51be5d9330c5a4bea7e886c33959bb6c33f82

  • SSDEEP

    196608:5V8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY/:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2