Extracted

• • Target

    2025-01-19_9ae14d0d2f53418758d7081b386aadae_mafia

  • Size

    10.1MB

  • MD5

    9ae14d0d2f53418758d7081b386aadae

  • SHA1

    e3107480d5a5f0e88c44ca7b2d304abfa97d44b8

  • SHA256

    90487b300aba41f47d23d2057997fa294b15b759d97cef00a52a699fb1f86566

  • SHA512

    149f552406d637a32c0781d342836890df703b5acc803fc0462dc66a77173d16aed15cc2384cce68d52884c4fa0077398c204cd5396409b2b056cd72cad7a42d

  • SSDEEP

    196608:2yXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:bXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXn

  Score

  10^/10

  tofseediscoveryevasionexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2