Extracted

• • Target

    2025-01-26_4c10a0e345e8808fc2ff9a25c590a34a_mafia

  • Size

    10.5MB

  • MD5

    4c10a0e345e8808fc2ff9a25c590a34a

  • SHA1

    c2831b0f2ff900245e0896508d937f51d9683320

  • SHA256

    2660543a9e16478ec15a63b15b36a5d0a705d6436e3331b1b7cbf295a9755347

  • SHA512

    ee62eabab1619df784770ccdf521d320fa0f6ffcefb15bde1e1f4d653a0f1cb9dc5a3bb7a2aaf2502eff32c59bbcba5c4ba89ce4638548ae49426e070d8204f9

  • SSDEEP

    196608:ZyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXn:UXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX3

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2