Extracted

• • Target

    JaffaCakes118_dba85cdc0e89cd40923b53f496ae1764

  • Size

    12.7MB

  • MD5

    dba85cdc0e89cd40923b53f496ae1764

  • SHA1

    375b729f779ddd55457ab70806dfeebc8d4c6099

  • SHA256

    e385027bf50361742ca9a6a3d9c179cde61b1f2de98fc59e43574c9775c0dbb6

  • SHA512

    bd1c24111e28e7956157f9d9a8f52ee431d01aa34bea9e670819e85b8c1e2e73fcc98873235fb799501b63f5eff6c1320ce8319573d1e37f56db26e67c586405

  • SSDEEP

    196608:sT6666666666666666666666666666666666666666666666666666666666666+:s

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2