General

  • Target

    dde7cbf86f417af475da245ca768b89b_JaffaCakes118

  • Size

    169KB

  • Sample

    240913-hrlzeazhqg

  • MD5

    dde7cbf86f417af475da245ca768b89b

  • SHA1

    697f90b33dd16a9d349824724d35f2ff56fe3a54

  • SHA256

    44096f069d68b101bae728c5c3d9b025245962ace023753b1aaa761aff80b880

  • SHA512

    99a80b453a9d52f2c69fb4752a451361e9791e8bc615c6327a1d3ccd53c535ee8c6cf281839ba6cf6b736af4a2b93da6d9a54552387d9e3cdd80e36c51cee28e

  • SSDEEP

    3072:UNnz4Uk1hIMY8JCLiwMiCQcLUZtFscyB+uSJJtqbqSy1mRsn:UNXkJY8JGCbZ9B+uGi4mRA

Malware Config

Extracted

  • Family

    tofsee

  • C2

    64.20.54.234

    rgtryhbgddtyh.biz

    wertdghbyrukl.ch

Targets

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
