Extracted

• • Target

    71cdbb0fb6224d66464401d027ed5810fd46fc05988b8b8f6e957ee15a137532

  • Size

    176KB

  • MD5

    5f7fe860cb3496ceec0ef338b6781f90

  • SHA1

    941868e3c0fee15f6ecf3bd3429765f693a63dce

  • SHA256

    71cdbb0fb6224d66464401d027ed5810fd46fc05988b8b8f6e957ee15a137532

  • SHA512

    efb6c1bd50384285eb51805eb28b9dc62ad9b6fa5b7bbe0006d5bd142c7686be79249a33eb9466d292aa0a91611eeaaa285535bd0eb7bad7ad8649705695e479

  • SSDEEP

    3072:+zE7torPMLERyENUYZ8EnfHsEdF9zbjbTrlMzLjrMsUzbjULt1dlGR1tldle/sYW:mEJAUgME57

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2