Extracted

• • Target

    edfdef59f92fee006518e57f2f8f01b8_JaffaCakes118

  • Size

    212KB

  • MD5

    edfdef59f92fee006518e57f2f8f01b8

  • SHA1

    3b8065cd942b517b402af0cc93f41c0dfdd5dd15

  • SHA256

    ae5169a9295d294594533c5cce04ff557eddeea30963e2eb81f5df6cdb6304cd

  • SHA512

    f3b78c90f28047c6a8ac97a25fce50a002b718b451eb5c66edf39cd4a510dd3d95f652a1839b3c41d07033e00ca6d76ec41d2b6b01532430c6d80cbfbd62ff07

  • SSDEEP

    3072:3d09mZ3vD7RpNh8xvv5z2LizudUfgF8qNO5GM5aEADQbkt/KyJh045Fmxb5k6Toc:3d09mVr7RLh8p5z2OCdULWvDTJle98c

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2