Extracted

• • Target

    633a5b3f5abc1123356f2c859bcb8e50_JaffaCakes118

  • Size

    144KB

  • MD5

    633a5b3f5abc1123356f2c859bcb8e50

  • SHA1

    da720c363b880dbc5623e9584b62523fb4fba909

  • SHA256

    35e7dacaff1f83266879f8c1b8b87094b9afe181b397b3927561c74844e38d18

  • SHA512

    9fb9e0aa1b2d263e7eec9b065c1af0e5a72ec68f9c4cfa27a3bd46d259f1416f5c60a82cf01e80cdddeddb1463569fb5981fb36d000c8e0ffdfd20af1f353c8e

  • SSDEEP

    3072:uaVP6HaGT5SR8fGzIpYDx1cTqO9lkS2jbxWGqXJ:uaGoEpWxSbGqZ

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2