Extracted

• • Target

    ff7abacc6eb717ab0762f0b2f77bc28a_JaffaCakes118

  • Size

    11.8MB

  • MD5

    ff7abacc6eb717ab0762f0b2f77bc28a

  • SHA1

    4f52a940cfd2ec6e553f2e1a8a736c990bd65a40

  • SHA256

    d8369336f4c5bab691e2fc846c783ac565c2a935a43ae3d982847cf8321f3a97

  • SHA512

    49ed6f215b007569122e2be67b3e1864656cf0038c127e2035fe1ea6c26d7b6be4f074f7cefdf93892eff8821f4c121d4b69450d6dccf567df953c01c4a49619

  • SSDEEP

    196608:wV8YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYf:

  Score

  10^/10

  tofseeevasionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistence

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2