Extracted

• • Target

    9f3c94a238a6c4f521f1e7269ee03ea2_JaffaCakes118

  • Size

    11.8MB

  • MD5

    9f3c94a238a6c4f521f1e7269ee03ea2

  • SHA1

    4bace04fc096803ad06afd0bb1480fafb475ff2c

  • SHA256

    2b526e3d6299bab06aa1ddf22f546aa5a1972d39019ea98ccda44e75f0a74065

  • SHA512

    1ba61535510ac498649852f3e548e71d5dd0ad0ed455c2c5367d937bb994a68c8b5cac2aff0d45759c0203a3f5124f7463f2797413411eaeabc2899bb12c3a11

  • SSDEEP

    98304:euuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuO:

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2