Extracted

• • Target

    82ea87954b04fc372f6d7742c9a8c1ba_JaffaCakes118

  • Size

    142KB

  • MD5

    82ea87954b04fc372f6d7742c9a8c1ba

  • SHA1

    3a5a3225a254b8439f4b47547cee90693fe54d71

  • SHA256

    c9bb0f5190af364135375275be990f63233814ea6fab7ddaa4b2d21895945077

  • SHA512

    98b62922cdd6fc243a4d1fe7ad2da5d71f11f8d6b92193d093dadd8cce9a240dbd5eae3b07c432c6b2ab5ff549946bc89d1bb8f025b1f409df74bcdd00f673c3

  • SSDEEP

    3072:kO8/FLfgT6rzTkYfiL2+jKfgi4m5nuGFU6W6WNE6b3U:w9NzwFLnKP46uC

  Score

  10^/10

  tofseeevasionexecutionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2