Extracted

• • Target

    9529373105174adc561ae1e09488e8a6_JaffaCakes118

  • Size

    10.9MB

  • MD5

    9529373105174adc561ae1e09488e8a6

  • SHA1

    37d8a3f5cacc07f043212479e5a116010e455b17

  • SHA256

    baaf5d81ae65db81c169c4da786d971683a1bafb848662d0202d80b0d0266d0c

  • SHA512

    5fab1a29fc6f6cdc13c5eba140d0b6b76efe895358aeb550aced11b2609905899ed4926a9ab02b315c5cd1b108b99640782d57a8a5108f021d032fa0128fea2a

  • SSDEEP

    196608:Xsvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv:X

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2