Extracted

• • Target

    357f765c8a9933ba3d7a4648ecd5d0f3_JaffaCakes118

  • Size

    164KB

  • MD5

    357f765c8a9933ba3d7a4648ecd5d0f3

  • SHA1

    b6c236cf63f9eb754af4174bdf15b06323899fbd

  • SHA256

    77b8a767e24da266946c335b5cfdcd599a14a7b13b78e335e29aedcd04c170a9

  • SHA512

    fab7ff68711f58c2247c4a670c6ac41af27f4b52fa1b5918c01ef9eecb4a1e751deabbc29d993053d92ef4f23d8794144deeba0583a53f88c0e86eb2e5c6ac96

  • SSDEEP

    3072:oqkCzLqWf6CYXHnWNKmp9pj6l7fyp3ZOWHh1z/a:olCzL72Xn/mljtkUhpi

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2