Extracted

• • Target

    234ec5fd68cd2fc80c2927c4e5b16862_JaffaCakes118

  • Size

    153KB

  • MD5

    234ec5fd68cd2fc80c2927c4e5b16862

  • SHA1

    863affe6694278557d5d1797b949ebdfff5dd375

  • SHA256

    d6b2eae2b185d2df5a6b9fa584922bf492b3b4ef55068c18fe440c371f3afae1

  • SHA512

    b9fe4156e59ceefbfdf9d09088257fff43cf2caab197efe5687fc12a5c8efbbcc57619ef12d377e47207d0762e5bd5196d2e210d190e98e6c4ae2d5f0fae1d25

  • SSDEEP

    3072:DXkL9Q/41qA6hg8QIWcQ10SjOq1OXp3TCRthTc7RzeAyddL7le3MRWD:TkL9XqLhhF1GOqU53W16zezHMM

  Score

  10^/10

  tofseediscoverypersistencetrojanupx

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2