Extracted

• • Target

    307644b1154391b4f425896da8efd9480fb3dda0f56c633b08c32058f5b469fa

  • Size

    10.1MB

  • MD5

    ff3556fcc81946e1a83ab271568bbd36

  • SHA1

    2e74da5aec95c19c0521f80b0d019058c5fa2fad

  • SHA256

    307644b1154391b4f425896da8efd9480fb3dda0f56c633b08c32058f5b469fa

  • SHA512

    c4c583736516d16ef249169af8668dde9e7e06cc534538c68e594bd68ca284784f5c766db8cb796669362bf1816e58d1790b38ffe757cf0a08ed4bb69d890eb6

  • SSDEEP

    98304:qC+PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP/:p

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2