Extracted

• • Target

    e3f74ef5248c6d6014ce0c5d671015ff_JaffaCakes118

  • Size

    170KB

  • MD5

    e3f74ef5248c6d6014ce0c5d671015ff

  • SHA1

    4da3d2f7c74309828f5d1eb4d4df4f3772164dfe

  • SHA256

    dde9abb39c31d5f0addc50550cf29814ff3d4fb5b40b10a6cafcc739068db03c

  • SHA512

    1c07bcb87fe4436152c72ad276e176aa73882b7c6b20e4bb43e12ce502cc8223bfb3567e9acc0f947c63452b135a338748ec55e3cd261fb185ef843b51a1faa1

  • SSDEEP

    3072:tViOD5r8aEvaRCJM1hJiO5ZLk2j9rIU35J1CbG4K93GvoxEcowB1j:6G5bp7B1T1aQ6dwB9

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2