Extracted

• • Target

    e5411982e48ac4e1458b3671a97177fe_JaffaCakes118

  • Size

    12.9MB

  • MD5

    e5411982e48ac4e1458b3671a97177fe

  • SHA1

    1d8b356af353be5708d53527b5c9a09d4f442e94

  • SHA256

    ac3310b8260fc47ddf03699e3efcb700099b2daa4b751f5c0fcaa1abb69643a3

  • SHA512

    fe220b6c34fce251f80ae93d00a6d72f2afa9bd7e078dc76df5eee22102e2dc01cb41cf68fd0b9dabafeb58ea24521e3c80d76082e7a73b5c9d680426d058be2

  • SSDEEP

    24576:ME2llllllllllllllllllllllllllllllllllllllllllllllllllllllllllll/:ME

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2