Extracted

• • Target

    2024-07-01_5d2e671530ea99e8d6211a1c38fdbbbe_mafia

  • Size

    10.5MB

  • MD5

    5d2e671530ea99e8d6211a1c38fdbbbe

  • SHA1

    26e4576726810b824d299e6b36bf33cbdffa4643

  • SHA256

    6a6941267ae0c7a98e3854814083c17dfe43da830acd256a74ac072d8a00a7e8

  • SHA512

    3ea51bf4ff4ae6ab2aa965f8b4e67379efa8a6c6d7b0e7079deb05b9b526e77605a2d4208b0b9970ad58a247ef7419938f7a422aa163321602670c95cb2b4a54

  • SSDEEP

    6144:A+rWO2zeSPDjMXMH7Ll4aFpWVqIwUAP97GEwHrG2+e1x2:A+r1IeSXMXc7LlxWV4Ug97GZ+ej

  Score

  10^/10

  tofseeevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2