Extracted

• • Target

    bcf4c946da725d4d376bd9300833d538

  • Size

    324KB

  • MD5

    bcf4c946da725d4d376bd9300833d538

  • SHA1

    e6a2c22b750cc30f32438a272b7ebe71551b5bb2

  • SHA256

    431c0c3d74a61d4660877d2b7a47091ddb96f8500bd70d0deb9fe20b613c7669

  • SHA512

    6530d18d36b920c381b1d9c04ddac29a83303a11be2b83309036f51a614eb1d43bdd65a143f017ea7901a28460e0fa01b985f972cfe8c038d26861f8758f1a18

  • SSDEEP

    6144:g5UTudiB8zJswdkM751efBD0c6hAKOFDCDG:9udiizJsed1efCc6hAKOFCa

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2