Extracted

• • Target

    fc1d66c4d7ae9e6666b1ada915b7ef47_JaffaCakes118

  • Size

    13.7MB

  • MD5

    fc1d66c4d7ae9e6666b1ada915b7ef47

  • SHA1

    5cb80106721e4d8a0b87eee4a747ec12ca277c90

  • SHA256

    a26ca3465b8713a3686b8c4bb347232255e9ea0e35daed51c8ce1e02fd808e35

  • SHA512

    e34dd1acd21e345d7e8f767971fa4044bef67e7752dfbea952204b4878ae9451c22a8274a10b2b6b085ce781f824b26bc1365429ccb0f45921238498dd57cbd7

  • SSDEEP

    49152:ajrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrP:M

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2