General

  • Target: fe8e61ef43583c2d6a67c49f626c657c_JaffaCakes118
  • Size: 205KB
  • Sample: 240929-py2rrsyamf
  • MD5: fe8e61ef43583c2d6a67c49f626c657c
  • SHA1: 0f067362b6285e4858250c606c4d1587e4e41e72
  • SHA256: ca90cb41af3bd78fcfd594aa6e92ba713bc8f39928f577036f97b62b9f2a8be3
  • SHA512: 6b8139d7c51c057c886d68e06998a0899756d81fb3cf9288c36accd1146c05213f7715b8e34ac9be2bb78f652ef67cd1282a7c57bbdbcaf39fa608038618eae1
  • SSDEEP: 6144:JMmdbOsHCU8TCOXlUS9f6mLTjr5/FUv0A+YpYA9OTZIu:OISsHCU8T5f9imLndyv0A16Tv

Malware Config

Extracted

  • Family: tofsee
  • C2:
    94.75.255.140
    rgtryhbgddtyh.biz
    wertdghbyrukl.ch

Targets

    • Tofsee

      Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks