Extracted

• • Target

    a5ca4b254625202803ca9bb51997336f_JaffaCakes118

  • Size

    143KB

  • MD5

    a5ca4b254625202803ca9bb51997336f

  • SHA1

    51d8c310843c2bc60f2f1e544394e9121f8678a9

  • SHA256

    d8a443c56778c4a63c706371ba7a7314f2ca508cfcc4936b8492ad53294107b9

  • SHA512

    9e5b57b284686468be12a2faf93043abc9f557b7e896e37736a1267c9fe4c45a7cf521095c22ddbb78c72590a2f23f5ba7d23b918adb2016a8ffa1384a76e278

  • SSDEEP

    1536:sKadl/7kGuThiTkUBb/L45GyrjTnxStAaJIRi6JRyMZw8obp:sKadhLueL45/TnxRYUOMnobp

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2