Extracted

• • Target

    2025-01-28_fc4780bcbdfc6c2af8855c1d4256fa02_mafia

  • Size

    14.5MB

  • MD5

    fc4780bcbdfc6c2af8855c1d4256fa02

  • SHA1

    b4d3d9a16f3fd3e100ccd85f71099c050125878a

  • SHA256

    db08141ddd392be7ed45555340b8e28c39b642e45b8ab1c6ffecb42712ebcbe5

  • SHA512

    106753adefdeaa633c7d825d77d5096ea276d4501eedb99bc784aebb5dc8cf7b141a051abaf9c2bc47019d61c617d6d5e3a8cff43b3076d0b5225de0c213bc5b

  • SSDEEP

    24576:i6WdLQkyQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ:rWdLQk

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2