Extracted

• • Target

    fa7eb833ddb31733f76af6fc01fbe0bc_JaffaCakes118

  • Size

    12.3MB

  • MD5

    fa7eb833ddb31733f76af6fc01fbe0bc

  • SHA1

    6ab6f27a19106b3f84c88163724a575447e98b88

  • SHA256

    d15758a074e417854204a6340e7fe16b3ee93884c1f9e2abe15a1cd36d713817

  • SHA512

    24d20d8c1e75f512347ddcc623df21f34ff6da4325ea3256d9484bd47458f847048a7e5a5e897713126bddc3b0a0dab56e5e925c025560ba87c0306eba2e4150

  • SSDEEP

    24576:a7l000000000000000000000000000000000000000000000000000000000000D:c

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2