Extracted

• • Target

    86904bef92845b067a76d08ade4cc08b_JaffaCakes118

  • Size

    184KB

  • MD5

    86904bef92845b067a76d08ade4cc08b

  • SHA1

    33ce7286d3a5f2cea3c5197e63fcbbc6effa026a

  • SHA256

    0fe8469cbae130d45ae34e6c0a5c234928ad3776c4999ef03f065f960729408d

  • SHA512

    7db74feff0246d8d5564cccbd23dcc555147881c7733f79c6013f9dcfae4f5f8d2fdde28722794665c73fdf85dd5f5d0a895fb9372dcc6fe0170b51cf1b293e2

  • SSDEEP

    3072:r701YAYMLuPz7KhO0uZmmhi7hX0eZq5Y:s1FIL7j0cmE80eZ

  Score

  10^/10

  discoverytofseepersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2