General

  • Target

    918ec60cf64e169e449ebac4f6185a04_JaffaCakes118

  • Size

    156KB

  • Sample

    240813-erpthsydln

  • MD5

    918ec60cf64e169e449ebac4f6185a04

  • SHA1

    10372b0c44f180166dd725f492edd22f6ac5dbc2

  • SHA256

    0cccbc24a88e2550c51dcddcd59d8bd7bc93ad70c87cdf6b227208f01034e586

  • SHA512

    8ee819e1e7ec75739cfab92308771483cfe3c3a4b23beeb52189d7f8f65dcd817434bcf89e5d1653101fffa2437134cd547667883e997ef29b611ed1835c49ab

  • SSDEEP

    1536:vByRsHaqTlSUl41dB29VJlq6RLdky6C6l7BLmOtNCL0PiWTHV0DgSKuBpj/LyTd:0SHVlSxdWVLdSl75jvPiAHV0EM/Lyh

Malware Config

Extracted

Family

tofsee

C2

94.75.255.140

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

    • Target

      918ec60cf64e169e449ebac4f6185a04_JaffaCakes118

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15