Extracted

• • Target

    2c0c2678b5b28f3ea907ca453c439cff_JaffaCakes118

  • Size

    14.2MB

  • MD5

    2c0c2678b5b28f3ea907ca453c439cff

  • SHA1

    42d910a108e92d204b54a6f69b224ad20b144872

  • SHA256

    326afe31d4029fd6bb8221319ea23a52d145c9f1f4f85bdcad3ae9b4318adb4f

  • SHA512

    30590b294e4c17b37214edc4f798a63fb994a8538eb40e7d9705302eece5d3f785c8d7de1eaf4bb83694652589b69d17da0970e4bd0324a2621a068cc1042e65

  • SSDEEP

    49152:A1yvllllllllllllllllllllllllllllllllllllllllllllllllllllllllllln:AA

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2