Extracted

• • Target

    f98cc65337ea6c995f6af7bea54a1b88_JaffaCakes118

  • Size

    13.2MB

  • MD5

    f98cc65337ea6c995f6af7bea54a1b88

  • SHA1

    388096691f92d4cfa2123ea242dcca5b2dbaa542

  • SHA256

    033cc64af4d9e217e27392f016f003250e17ed026595cb682b5504298ef4cc12

  • SHA512

    7037f54701e9ebf699c76f8ff19a19195d004293bbd2d562ddcac86ecea480fbb4bd6f12c2b907f4163b671c22f8d52e47d636692e41995551f6e376755050fb

  • SSDEEP

    49152:J1yvllllllllllllllllllllllllllllllllllllllllllllllllllllllllllln:JA

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2