Extracted

• • Target

    25ec7bc83646129d0954a3b66df90831_JaffaCakes118

  • Size

    93KB

  • MD5

    25ec7bc83646129d0954a3b66df90831

  • SHA1

    b2ae78deb90c0854be749bf5b87d02f92c480083

  • SHA256

    305d4a8940fafcbbea69953d2331f5d32eccb57f4ed86b5068195763c429e70c

  • SHA512

    38c32444bcf984fc21b28e9090e061f4d168c0be690b2e3275c6ad69f6b2a5b886583232b1537740360ede6a30978e9c1d80a777c2504fab1c87002163d91648

  • SSDEEP

    1536:F3xa6sMWEdTp18p3qZYMedp9bdDkasbKm3xf6VpcI0nYDWRhXgXl:FhVdN189qZYM0GaRm3FQpuYDWvXgV

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2