Extracted

• • Target

    fd4589d275f0e0321e31a8b317ea8695_JaffaCakes118

  • Size

    11.8MB

  • MD5

    fd4589d275f0e0321e31a8b317ea8695

  • SHA1

    8e5e57f7aa3e5554072e2de2a00d0ba039c3a56d

  • SHA256

    d27317496cdfcf567823853f13ba4cca1d89c026034ffff2b9e776374d388010

  • SHA512

    11b1fd8542ae7bb85447f51571307303162f3ea5f8d21015cc801d267e5d519832cca8bdbdc99202a0353963c580e9da864824a3922166a0b1c5093c8d0541a4

  • SSDEEP

    12288:dl5qOcvT9o+egMU+HoWfprc0sssssssssssssssssssssssssssssssssssssssX:vcvT9ofeqrc

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2