Extracted

• • Target

    0ee3b729ec821e3c2cc92e2604836b13_JaffaCakes118

  • Size

    12.7MB

  • MD5

    0ee3b729ec821e3c2cc92e2604836b13

  • SHA1

    cbe962cc4ec46f2c6be966ea974b7320ad72c10e

  • SHA256

    1a492ad6535cd37ef709e803d55e4bf9086eac1ffe5d5b3f93fd54c2e0578733

  • SHA512

    7025ad83ba44a2da1e6e951950f38d7239924c11d21d6931efb29be0660596cdb8c6be42cf9614646c6cb27148ae2979fb149550b7d15cbcc07e9e756bc3ea29

  • SSDEEP

    98304:Z999999999999999999999999999999999999999999999999999999999999999:

  Score

  10^/10

  tofseeevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2