Extracted

• • Target

    2024-06-30_b4c141e1b4b0b3d6dc0a4403f2a1cad5_mafia

  • Size

    12.9MB

  • MD5

    b4c141e1b4b0b3d6dc0a4403f2a1cad5

  • SHA1

    c10584b5259f0339530218dc0f133c63f8fec9ba

  • SHA256

    4712247fd59b13512019fdaca5f34e6c9f1fa3d2755b0be2a74d069e957f9600

  • SHA512

    ef5c31fbc42ac75e634109c6d4275578f9b12cc691a5d9a1d9a2831cb51ace5796ced5515eac16518279e3a47f23492396b09861df4741995b4d7109b3348018

  • SSDEEP

    6144:8+rWO2zeSPDjMXMH7Ll4aFpWVqIwUAP97GEwHrG2+e1x2:8+r1IeSXMXc7LlxWV4Ug97GZ+ej

  Score

  10^/10

  tofseeevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2