Extracted

• • Target

    d36b567510f94d57d1687552eaae6dae_JaffaCakes118

  • Size

    255KB

  • MD5

    d36b567510f94d57d1687552eaae6dae

  • SHA1

    643a4eeed3eb21ca7c0f5e719fa6b525d828c988

  • SHA256

    53d16ce250b4493be862273542deac2e51ccdfed582296e2cccb8f5ab0a71ded

  • SHA512

    f7c1e477a8bb954012f2d0a3dbdcb09831e7ef045cf884068558cc1d6b1d2af3c91532303d107f070f389259220bcac33db81ec27d0f53f0099d46e57bda8ef1

  • SSDEEP

    3072:qEm2GULHYJlIwjXgWcdqylAHRWvLhPep457AYDikDbZp457ATCDikDbZp457AYD3:qsGUMMwL5cIyqu5J

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2