Extracted

• • Target

    ff3b549a7f1ab5e6afea72312c41f32b_JaffaCakes118

  • Size

    14.1MB

  • MD5

    ff3b549a7f1ab5e6afea72312c41f32b

  • SHA1

    61268b3482f2580b105d7847be9c0a191c811eb5

  • SHA256

    7de98713dc8186de58d01dd68413711ab38d71cd2203610d0f2d77f05473d9d2

  • SHA512

    80fc2e375f09efd90fe0860d1476b3cb2e6679e19003692a74d8c32b6a125413f42ea169be5602dcd2d8c148da10eb722191c171e2bb40fd6df0a2237c845d99

  • SSDEEP

    98304:oYjPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP:o

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2