Extracted

• • Target

    2024-06-27_d5483c0ac3f27c4120a89481577d1a27_mafia

  • Size

    12.7MB

  • MD5

    d5483c0ac3f27c4120a89481577d1a27

  • SHA1

    1dcea0d988534f7bcb8888b90576fa710f0b2713

  • SHA256

    f3f8ead588e2333c6e66a48384e0ee9a04f36b4c0ddfa6a35e2b8724b93e427d

  • SHA512

    d98b9bddc09bff8ccb2c10cdccd1ecd529f75219bbab1d1937d7084ff5385c01a119ae8bc14858ff4849840b960c391fbaa69aa88b1466b3d3e366d796add97c

  • SSDEEP

    6144:++rWO2zeSPDjMXMH7Ll4aFpWVqIwUAP97GEwHrG2+e1x2:++r1IeSXMXc7LlxWV4Ug97GZ+ej

  Score

  10^/10

  tofseeevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2