Extracted

• • Target

    d94ee1c68667971dbc94fa29a51425bd_JaffaCakes118

  • Size

    82KB

  • MD5

    d94ee1c68667971dbc94fa29a51425bd

  • SHA1

    8fa0e5886c13ea08ce3985ce86b12cdf45967440

  • SHA256

    cd1884569279f983b5b2be0ed933b1350cd7380ae47c2f57a6e25783cf6bd779

  • SHA512

    da8a4d6f44b470d8255cb723c6eb49cac95b10db4779eb24c6874f6f7f0b72c3822d36c2512e6da56af790b400f16928d5761253e73e319bf90b9fe9046addd2

  • SSDEEP

    1536:IFEwgqPyIqNt6+4auQg3dTXVyaH8g6CAzzl:Pw6lLuLGahlw

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2