General

  • Target: 552d5a7430ab696b3a5096cc2fa285d7_JaffaCakes118

  • Size: 98KB

  • Sample: 241018-drmtgstflc

  • MD5: 552d5a7430ab696b3a5096cc2fa285d7

  • SHA1: e7d2191411b7f68f944e2987747efef2a115492f

  • SHA256: a31292a3266ce5ccac7c99ec719fd689e1f0d21cd06045aec3a55a3e9907443a

  • SHA512: 9ed17726f8833663fd2043264d6109cccc3a2eae67f2754fca91aaaa23fcba7efd2dff26dfb1fea994fd8b127e5796000ac98a5055e2b9f15bcf6d920e69d88e

  • SSDEEP: 1536:YoM78a0P/mqqj7HHLW6a9DPeht5vmiKRmjTfHtLyv/Hd9gd4xZcYcTXwG:8V3i6a0htJmrCHto/9U4xxcTXp

Malware Config

Extracted

  • Family: tofsee

  • C2:

    64.20.54.234

    rgtryhbgddtyh.biz

    wertdghbyrukl.ch

Targets

    • Target: 552d5a7430ab696b3a5096cc2fa285d7_JaffaCakes118

    • Size: 98KB

    • MD5: 552d5a7430ab696b3a5096cc2fa285d7

    • SHA1: e7d2191411b7f68f944e2987747efef2a115492f

    • SHA256: a31292a3266ce5ccac7c99ec719fd689e1f0d21cd06045aec3a55a3e9907443a

    • SHA512: 9ed17726f8833663fd2043264d6109cccc3a2eae67f2754fca91aaaa23fcba7efd2dff26dfb1fea994fd8b127e5796000ac98a5055e2b9f15bcf6d920e69d88e

    • SSDEEP: 1536:YoM78a0P/mqqj7HHLW6a9DPeht5vmiKRmjTfHtLyv/Hd9gd4xZcYcTXwG:8V3i6a0htJmrCHto/9U4xxcTXp

    • Tofsee: Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks