Extracted

• • Target

    80e345d808b560e868c6644e64eeb241_JaffaCakes118

  • Size

    13.6MB

  • MD5

    80e345d808b560e868c6644e64eeb241

  • SHA1

    c9eeb020e47b0e3afadaf06a0216e1bfeb4a9e36

  • SHA256

    255f7c2f55efdb1e69fabbad4a24d8156c7d66964c6b1257a08bf76d241fa33f

  • SHA512

    6304515800e9e9a662399dea3cb99ce67fb950408d3ba1a3c826978f2f2c6ac0118db24a4cfd3e9169f598c1fe033e8eb470c747edf7eaab42db5750ca2d3bf1

  • SSDEEP

    98304:fJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJ9:

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2