Extracted

• • Target

    fc9d27ffa867f7f49dee1251dae0344e_JaffaCakes118

  • Size

    14.6MB

  • MD5

    fc9d27ffa867f7f49dee1251dae0344e

  • SHA1

    442c6b101cc68df05cafe8503d4b24647dfe980f

  • SHA256

    fe7eb1248703a1dad025d2a6095acc77e8b3731cf282ac652a0b6d490ea0832f

  • SHA512

    d1fe29b5fe0d2ffa19ecd9641086954df472bd7876ecdf14cbf84f0b3f8365985adddcdc927fa81ce160d7de67ac3216d05b8b8542cfa52b4978073342e9fcd1

  • SSDEEP

    49152:wjrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrX:S

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2