Extracted

• • Target

    f3e4b3f22f1f557ad9aed99b8b9be8aa_JaffaCakes118

  • Size

    14.2MB

  • MD5

    f3e4b3f22f1f557ad9aed99b8b9be8aa

  • SHA1

    9c41524315acdf2d2e6c38959ae3f2b4337aa899

  • SHA256

    a7b7595a90d115497ba26e7ac70d71a499a0c0116a1f13f671eccbd8af89de8e

  • SHA512

    b8e72b697c42403f2bb94bf6fe003b6267de27f59f897749e63009b8b2c5275c1952237deff4039f09a8ffc494c45f15d77f3dc7b58cf2bf1be81fcd5e177037

  • SSDEEP

    12288:zl5qOcvT9o+egMU+HoWfprc0sssssssssssssssssssssssssssssssssssssssb:1cvT9ofeqrc

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2