Extracted

• • Target

    7777.bat

  • Size

    184B

  • MD5

    0a189696791314d2c06e9845ce37322c

  • SHA1

    2e904862da7a484b399be314269913f878fd856c

  • SHA256

    bdf4e2f639a995cac116e129771fe1b77f2b86d4b243b76da12824607520e557

  • SHA512

    f89e087e87406fcb1d4577fd72697526f4ded5573c09f17400b0b55cc23db50fe8df2009a767ea9cc628181dd044d1033d66d0ca0ab764acd9d79c323fc2fdb4

  Score

  7^/10

  • Deletes itself

  behavioral1behavioral2

• • Target

    msdlm32.exe

  • Size

    83KB

  • MD5

    4020fbcc7c19e735fafa725bcd3ea2c5

  • SHA1

    bec43452d9f0d61192bc3851b012cef31882ca02

  • SHA256

    85619645a77454990bb4e730dc87ccd630a4e01f04a10595278ac5c115effac9

  • SHA512

    7bd6570d5bc4edfdc7e8cf2880707a84ac3d61f83090b529305520d0871181f060d539c587ffb981180de84d448cebc9e0e3cc1c96cda920f69d9952ccd1622c

  • SSDEEP

    1536:P2EsPRwdL8AlXUBWCDTsG0QGcn4Z6v/Ea6oVaodgyl744BDK:OMNlfGd0QGbZgEaTVVdgylM4BDK

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral3behavioral4