Extracted

• • Target

    aca6ce478caeff079e8c9d1bbb063aed_JaffaCakes118

  • Size

    279KB

  • MD5

    aca6ce478caeff079e8c9d1bbb063aed

  • SHA1

    d36e184d120f71b3c430c4709a64395921ab2e46

  • SHA256

    1bf28e028ac03bf57bea8030dcecf8275bb84619348fb6b6fe834e8b8fe8113b

  • SHA512

    291ad5da14c0c1d4f5c96d8c3b5e909a992d7c532df948e8d8a816287a1fa1b9a0f5043cebd082ce2c60939ec8c931753141300bb5eefc88d24730442e0a2f21

  • SSDEEP

    3072:VWWX+oGUd1Qcn50hOK0Ypc+tSVipzFIgBi/tNL2AMmbvlmMyoOPiW5ewkkT4rbo4:4XO1QuuO4plh7BwtojqlQDLT8wS

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2