Extracted

• • Target

    2025-01-28_a8c1c593d630a0bfa5378ce57a912489_mafia

  • Size

    13.6MB

  • MD5

    a8c1c593d630a0bfa5378ce57a912489

  • SHA1

    b36e5183a0bb250abe802483621cb439cc5b1d88

  • SHA256

    09d0d0467f93f111dd908c7059cd0164a4ace3ecc58f45e4cde0f28e913e8130

  • SHA512

    daeb183264b3279699292d162e4d3ae20f7a4e65d0d5a2f774be8929f0ba72d3c296018430de69ac2bb6a642792c60fbcb2ccb49a65411e6a578470f3275f7c6

  • SSDEEP

    24576:qpomTTN9tttttttttttttttttttttttttttttttttttttttttttttttttttttttH:+oo

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2