Extracted

• • Target

    bbdacfb055cd9a8e21959643be78b43f_JaffaCakes118

  • Size

    11.2MB

  • MD5

    bbdacfb055cd9a8e21959643be78b43f

  • SHA1

    05fabb2d2299e9741c3c86c7ddf1ae95f31fecb8

  • SHA256

    797808465480def87e2d18fc4a86b69ab31d19f5c87a6d8b1add7d72902e83ce

  • SHA512

    b0a191e1e12dc9807d6666a5f56c2a08eb22f06002e8d3927df41e2535f0c6da8b62ed1a8d26fe718ae000dbb35571c01d8b6094ba261b2f1b3eba184e127473

  • SSDEEP

    196608:nsvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvn:n

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2