Extracted

• • Target

    f3f2db53df6a8bfacad1f9505974507b_JaffaCakes118

  • Size

    13.8MB

  • MD5

    f3f2db53df6a8bfacad1f9505974507b

  • SHA1

    af188ac402c82241975cb6ff17faf8314fd6c80d

  • SHA256

    610cb49791e670b6896af06ee549ee7aa56979e10e0b353044949ccb3ad42c7e

  • SHA512

    a1ec956694c021bb4a89c1b0543e52462461e2ffcc70f04ea29a3f4c509784e65997602835df1867905e2cc466c1f8bd8d7755abee8d3a33ce02ab40a38426e4

  • SSDEEP

    49152:cjrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrn:W

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2