Extracted

• • Target

    fa1d3a7e6a5aac89ee6af04cc2cf067c_JaffaCakes118

  • Size

    10.6MB

  • MD5

    fa1d3a7e6a5aac89ee6af04cc2cf067c

  • SHA1

    7fe48b6e2bb3b3ddc2f4ca7a84addf9c63b6af05

  • SHA256

    201e645c51aa9590e145a8de697e2b8f069c0962381e490a3b740a0af365c2ea

  • SHA512

    9456f450993ae25e005e727f7da536db68f19f175bc38e63c88d771e9c1b2cd385a78b54fa480faecb0e7d739103c366d7ed8d9c63a04e2c9993a0f4cb96665b

  • SSDEEP

    98304:ANWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllr:2W

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2