General

  • Target

    de8c712d027543582b3c5d08ab387bcc_JaffaCakes118

  • Size

    205KB

  • Sample

    240913-vq136aygpc

  • MD5

    de8c712d027543582b3c5d08ab387bcc

  • SHA1

    a692abe0f944ef065e3399f648e74d4af4b3c7d8

  • SHA256

    83437c51b75f53b5798d45993b701ba8c51ffe00f8fb4f0529b503a389841f41

  • SHA512

    cb8a1ee46dbffe192fc539bb000e4e1b96bbc0cd4e98cc29ae3e875da8aa138b90cf4646430e2b3365c11c4d68d7f36cdc9a6995fd9de5df34cdb89564908187

  • SSDEEP

    6144:CgmdbOsHCU8TCOXlUS9f6mLTjr5jfD3tVuW7I:DISsHCU8T5f9imLndn30

Malware Config

Extracted

Family

tofsee

C2

94.75.255.140

rgtryhbgddtyh.biz

wertdghbyrukl.ch

Targets

    • Tofsee

      Backdoor/botnet module that carries out malicious activities based on commands received from a C2 server.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15