Extracted

• • Target

    214ba52c1fe0615bdf8b110de5a54800_JaffaCakes118

  • Size

    106KB

  • MD5

    214ba52c1fe0615bdf8b110de5a54800

  • SHA1

    8d14c8471ad2ddea020c6283118c8031ce7f7194

  • SHA256

    4a98211c5559002c943be44e52f37e9362b06f3e384625735e2170ef215c7edc

  • SHA512

    d7f95da24b99e6e347cd64c508460f8b747cc110d3fef4667d59bd8894a97f72a4dab5b11b9f48649185f0248170b38b77ab5ae3d21da2d9665cbd347d763599

  • SSDEEP

    1536:pDfF/yYugpJ+BsxKlb0Tz7OOFGHWy4TmQsdLB8Hdez8VmF2jbxWGq6:pDf1y0pJTxKZUOOcICBU+QS2jbxWGq

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2