Extracted

• • Target

    e8c5a3c57faec2cdbf9bb810bc1e877c12d9358aefc4f2d68b63cf8c0fdaa6eeN.exe

  • Size

    185KB

  • MD5

    b0616e972f3b00f74147aa625be518f0

  • SHA1

    c46fc483221ad81a033a6b14dc57c923976da3ee

  • SHA256

    e8c5a3c57faec2cdbf9bb810bc1e877c12d9358aefc4f2d68b63cf8c0fdaa6ee

  • SHA512

    f57e38c8e96bdcbfb4eb8a9a3fd4e163a3d2ecffdbb85853e49da3fc27f7c095746c10f6081f2cdf7b253e0d6cd652cf6128f45a3e301b0333a820bbf88b0b82

  • SSDEEP

    3072:NeYyWAjeKlIYtJCLg2BWGzH6sugkr1fu73Gh5yv8Vm:EYyWR10Yp0Kkxfs3D8s

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2