Extracted

• • Target

    25e45ae62147eb401b332a1bff694693_JaffaCakes118

  • Size

    10.2MB

  • MD5

    25e45ae62147eb401b332a1bff694693

  • SHA1

    8bd56b03390f2403549de9263e6ec191bec99284

  • SHA256

    8765a0812ad0542a674be1585e4fd6da359621b5f19da44309bfb4cd02eedda1

  • SHA512

    757075e4a8e740e7be2317529cf9b38f4e2d752f248d153eb3ee3755992516962b82819d690d201abd8e698465af3c78b7ed36df615c8ad9fc885ecc716d5695

  • SSDEEP

    196608:mE/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvn:mE

  Score

  10^/10

  tofseeevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2