Extracted

• • Target

    feb515efe8237480211f2fabe3976bdf_JaffaCakes118

  • Size

    13.5MB

  • MD5

    feb515efe8237480211f2fabe3976bdf

  • SHA1

    d30c04512b4e2a34f1825b1fb8742be1d004cbc0

  • SHA256

    2668ea58977d5457c1bcb28d04d1b55692fc7d6a64bfc3413a2cede20e838cf4

  • SHA512

    a3eedc03386d4732ccd22bcaf04a4470bd711cbb3511390abe10394a4fbf5e1309adf549005816784a7e54ec1eb2f2bcdba1121bbe4bbd8460193fa3d70b9a8d

  • SSDEEP

    196608:r+TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTn:r

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2