Extracted

• • Target

    1ab83e7ec4c3ee17c1c634ab184ccb64_JaffaCakes118

  • Size

    10.2MB

  • MD5

    1ab83e7ec4c3ee17c1c634ab184ccb64

  • SHA1

    a17551f428f71a31115b2bfe359180c29467e09f

  • SHA256

    69f551998396b69211de7617d4be4fb25eba4d5ccf33f7c2305a90a1c592e944

  • SHA512

    999892fc83da3165b84eb700276b789fa58573c3146da9c395dc40516c499698426c72db199976bfbbae4ea1a7255440e0ba12dfaf5e7d7a1c4ba6dfbc06364c

  • SSDEEP

    49152:9PQwlooooooooooooooooooooooooooooooooooooooooooooooooooooooooooH:dQ

  Score

  10^/10

  tofseeevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2