Extracted

• • Target

    45967aa94e05993a238471256c76cf50_NeikiAnalytics

  • Size

    10.0MB

  • MD5

    45967aa94e05993a238471256c76cf50

  • SHA1

    7eac6fa92215523db5d653d7908cac6f4d98886e

  • SHA256

    b95cdea4530305336110efedcb5c7253abe364a9dcffd3480d0e2eeb7cf7d22d

  • SHA512

    725d93c0a67569e877a0bcf1ee4b66eeec722b416079e0925c14088c303d06f2471a06dc419dbefe943650c2f426caf50294f663fb5dbd35b3d4c8abdc775abf

  • SSDEEP

    49152:TQfztttttttttttttttttttttttttttttttttttttttttttttttttttttttttttN:TQ

  Score

  10^/10

  tofseeevasionexecutionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2