Extracted

• • Target

    f4a1a471691c36aa371295464b5482c5_JaffaCakes118

  • Size

    146KB

  • MD5

    f4a1a471691c36aa371295464b5482c5

  • SHA1

    7bb69b619cfa281c60166bede7b22a0872738681

  • SHA256

    7bc212272b8cf5e3abd1fe04a29aeae341553ab9b333798700b166cc294eb62f

  • SHA512

    46d5e9496b8722a120a66382e11ccfa30e12b562828044647d8ed301a37768b9b34f370bdc158b963bacd6777bdedd2095a9f5e9e406ef3f45d8175e6e4bf858

  • SSDEEP

    3072:AjDbOZg3wL70khr+yFt9bpJpvJlQz9Hck/:wOZd/lJbpz/QzRb/

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2