Extracted

• • Target

    f1bcb7d5244183f7769af344a006781e_JaffaCakes118

  • Size

    13.1MB

  • MD5

    f1bcb7d5244183f7769af344a006781e

  • SHA1

    9a4fb8b9d36d1093b907bd00beb2244d13383300

  • SHA256

    a76d1b8d639dd74017ff5501f34a3cb2b59a0730b87a3663c82137a523ef23e3

  • SHA512

    8976637ed27c92e7f1a036e33885091a075727d1b56b4ecccddb9b02121d54e539888ebe7ef09dca410691fa41311fdfe73cb69a96c8134e70130e69d77b54f5

  • SSDEEP

    49152:T1yvllllllllllllllllllllllllllllllllllllllllllllllllllllllllllln:TA

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2