Extracted

• • Target

    f8da8c7403f48e779b019347774fe670_JaffaCakes118

  • Size

    10.0MB

  • MD5

    f8da8c7403f48e779b019347774fe670

  • SHA1

    34e5fb58342872225e0efa70ba9b1f0b8cd9655e

  • SHA256

    15a6a7d1b4839bcaa784303b0c9e05bce24f556efa0d36b05ef3eeeb87ba7805

  • SHA512

    eef7a2f01fd2c3a51c0de323e34e6f2ed5c509b713d7ed811baeb98d6990e9dbc1d6cfa99cf643cd229a19febcc1624ec3ad4525ff4d6657d4799d4327872a3c

  • SSDEEP

    6144:UrZQVnJzxj5nP76vk7wQ6udJm1lzvGCUWlnpj:IZ2zxj5nPmRQ6QgjzOCnl

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2