Extracted

• • Target

    8deef6bb4672714d07c277047a4c5ec3_JaffaCakes118

  • Size

    10.2MB

  • MD5

    8deef6bb4672714d07c277047a4c5ec3

  • SHA1

    e8fb30d3f6a4f9e98128724d68646cadab62ca14

  • SHA256

    cafcc44f7624f3ddd40ca744b82e383f4b8876ae3396f9c7212b50a69e3ef6dd

  • SHA512

    f451cb75849d014c8b88523ae8bbdca702efe1efd48f31129c670805f4635242a5914a34ced6f8bf0cb86a199248e858839b3106420fe2f7802e4d1ec2553c7e

  • SSDEEP

    98304:vjDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDX:

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2