Extracted

• • Target

    592365bb3ca24f3aae7c675640de3b38_JaffaCakes118

  • Size

    14.6MB

  • MD5

    592365bb3ca24f3aae7c675640de3b38

  • SHA1

    0d0042360b1ea1ac5d4868e370220264b84393b3

  • SHA256

    babdbb236a46ff8da0ad397d0ce4657ce9f36179b4a32d47824099245c0d32cc

  • SHA512

    23e016c84537a039e8fd1388ab25933169e2a18c9728460379d2fe2f74ea3a6b7f714a5f65bc049ed1b8af638a66fd0dc9df3f42e01660e8416707282da9a975

  • SSDEEP

    6144:6tSUszifRNkttttttttttttttttttttttttttttttttttttttttttttttttttttL:oS0f7

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2