Extracted

• • Target

    f32ca9eb5d903eab1e1a44925ad6b06d_JaffaCakes118

  • Size

    14.4MB

  • MD5

    f32ca9eb5d903eab1e1a44925ad6b06d

  • SHA1

    bfade70a1efc8b1e6080ba077b11ded84c6459e5

  • SHA256

    bbabfa154211eda8107840625da2a440e6c9ba85aab42a8d870a5f862caf4dbe

  • SHA512

    a22e9a2ed01b8021f5f74af0dded81523a63c907742242d298c1290feaf616f305b4af045a6b31ff862722bd1907f3a9d338ed8707d0f04c721e9a3d44f39ffd

  • SSDEEP

    49152:lc67fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffv:lc6

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2