Extracted

• • Target

    f24e01b5427f0548a8b5fcb06a03d6cb_JaffaCakes118

  • Size

    12.0MB

  • MD5

    f24e01b5427f0548a8b5fcb06a03d6cb

  • SHA1

    c1225c08af8b71beeb8e934038ca10b8edcce686

  • SHA256

    f8b2c110a680ee0fad4fc129351ad835fb959bc6ad5c99aa707aec7887affee9

  • SHA512

    09d65fa5696a76932abdb0e5e647592a643baa3080205ce1d4eea58123e21d92776c002aba63c68fe1f1bc407963803e2913e5db11e5e80a909cc0ab139191a1

  • SSDEEP

    24576:cT8rgnPp+RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRf:sp+

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2