General

  • Target

    d3df5dd279badd783ccc9755d131bf8b_JaffaCakes118

  • Size

    106KB

  • Sample

    240908-jlfe4swfkd

  • MD5

    d3df5dd279badd783ccc9755d131bf8b

  • SHA1

    adb71b13c9c6780a1aad45ddf8f427564e2ed329

  • SHA256

    b88007fbe1d0fb4751db6954ae6990a0c4c3cb52c1f896ce0ad7b8776cdc3c53

  • SHA512

    85823c21ed224f3c1f7ec795cf70b7829a63864cbd8205f8703036f20ae6929b8b12e8017ffd01b17d8d1aaecd75e9082433e826d5bcce392c55ce052b6e7f34

  • SSDEEP

    1536:KwGVxjjSw7LhpTkVC2JH5ppXSdv1oyotxGcC8HVXSC/jPQfLy2nlJX2jfVTQGTg:XeVpmC2JH5p01KjbHhjj2nTX27VsKg

Malware Config

Extracted

Family

tofsee

C2

94.75.255.140

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

    • Target

      d3df5dd279badd783ccc9755d131bf8b_JaffaCakes118

    • Size

      106KB

    • MD5

      d3df5dd279badd783ccc9755d131bf8b

    • SHA1

      adb71b13c9c6780a1aad45ddf8f427564e2ed329

    • SHA256

      b88007fbe1d0fb4751db6954ae6990a0c4c3cb52c1f896ce0ad7b8776cdc3c53

    • SHA512

      85823c21ed224f3c1f7ec795cf70b7829a63864cbd8205f8703036f20ae6929b8b12e8017ffd01b17d8d1aaecd75e9082433e826d5bcce392c55ce052b6e7f34

    • SSDEEP

      1536:KwGVxjjSw7LhpTkVC2JH5ppXSdv1oyotxGcC8HVXSC/jPQfLy2nlJX2jfVTQGTg:XeVpmC2JH5p01KjbHhjj2nTX27VsKg

    • Tofsee

      Backdoor/botnet that carries out malicious activities (spam, proxying, additional payloads) based on commands from a C2 server.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check so the sample only runs (or refuses to run) in certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
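
The report's value to a responder is the extracted Tofsee config (C2 IP and domains) and the file hashes above. The script below, added here as a worked example and not part of the sandbox report, turns those into a host/network triage check: it matches file hashes against the sample's MD5/SHA1/SHA256 and sweeps DNS and proxy log lines for the C2 IP and domains (including subdomains and case/trailing-dot variants). The log lines are constructed for illustration; the indicator values are copied from the report.

```python
import hashlib
import re

# Indicators taken from the report above: sample hashes and extracted Tofsee C2.
SAMPLE_HASHES = {
    "md5": "d3df5dd279badd783ccc9755d131bf8b",
    "sha1": "adb71b13c9c6780a1aad45ddf8f427564e2ed329",
    "sha256": "b88007fbe1d0fb4751db6954ae6990a0c4c3cb52c1f896ce0ad7b8776cdc3c53",
}
C2_IPS = {"94.75.255.140"}
C2_DOMAINS = {"rgtryhbgddtyh.biz", "wertdghbyrukl.ch"}

# Constructed DNS/proxy log lines (not from the report); client IPs are private ranges,
# the benign destinations use example.* names and a TEST-NET address.
SAMPLE_LOG = """\
2024-09-08T10:15:02Z dns query client=10.0.0.23 qname=rgtryhbgddtyh.biz. qtype=A
2024-09-08T10:15:02Z dns answer client=10.0.0.23 qname=rgtryhbgddtyh.biz. rdata=94.75.255.140
2024-09-08T10:15:03Z dns query client=10.0.0.23 qname=ntp.example.net. qtype=A
2024-09-08T10:15:09Z proxy client=10.0.0.23 dst=94.75.255.140:443 method=CONNECT host=WERTDGHBYRUKL.CH
2024-09-08T10:16:40Z proxy client=10.0.0.41 dst=203.0.113.9:443 method=CONNECT host=www.example.org
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Dotted hostnames; also matches bare IPv4 strings, which simply fail the domain lookup.
HOST_RE = re.compile(
    r"\b[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+\.?", re.I
)


def normalize_domain(name: str) -> str:
    """Lower-case and strip whitespace and the trailing root dot a DNS log may carry."""
    return name.strip().lower().rstrip(".")


def domain_matches(host: str):
    """Return the C2 domain that `host` equals or is a subdomain of, else None."""
    labels = normalize_domain(host).split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in C2_DOMAINS:
            return candidate
    return None


def file_hashes(data: bytes) -> dict:
    """Compute the same digest set the report lists, for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def match_hashes(hashes: dict) -> list:
    """Return the algorithms whose value equals the sample's (case-insensitive)."""
    return [algo for algo, value in SAMPLE_HASHES.items()
            if hashes.get(algo, "").lower() == value]


def match_file(data: bytes) -> list:
    return match_hashes(file_hashes(data))


def scan_network_log(text: str) -> list:
    """Return one hit per (line, indicator) where a C2 IP or domain appears."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        found = []
        for ip in IPV4_RE.findall(line):
            if ip in C2_IPS:
                found.append(("ip", ip))
        for host in HOST_RE.findall(line):
            hit = domain_matches(host)
            if hit:
                found.append(("domain", hit))
        for kind, indicator in dict.fromkeys(found):  # de-duplicate, keep order
            hits.append({"line": lineno, "kind": kind, "indicator": indicator})
    return hits


if __name__ == "__main__":
    for hit in scan_network_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['kind']} {hit['indicator']}")
    print("hash match on dummy bytes:", match_file(b"not the sample"))
```

Hash matching is only useful for the exact dropped file; once the sample is repacked the digests change, so the network indicators (and the Run-key and SetThreadContext behaviours the report lists) are the more durable detections. Any hit on 94.75.255.140 or the two domains from an internal client is worth treating as a Tofsee infection until proven otherwise.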

MITRE ATT&CK Enterprise v15

Tasks