Extracted

• • Target

    fd25a9c84be208b088379553ff30606c_JaffaCakes118

  • Size

    14.2MB

  • MD5

    fd25a9c84be208b088379553ff30606c

  • SHA1

    6de24b33594778df7f9c3fb4dc695e0434b4c474

  • SHA256

    93474a8dc670337caf536fd0eac0d70d5d6856fc46db7493f8a982017c9e68c3

  • SHA512

    360d771d0ff2991dabd265fef1e52d02a7faae42e8cbae3ddf06ade70e5bab01adf9a7d6bf26062bc054fde2c7bad224fa9fa15cd5282b1f68938ce0ece3c566

  • SSDEEP

    98304:lNWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllL:jW

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2