Extracted

• • Target

    2025-01-28_bc69fe693d7847a09ad69fef17f7827a_mafia

  • Size

    11.2MB

  • MD5

    bc69fe693d7847a09ad69fef17f7827a

  • SHA1

    e769da6a06c64a656686f9ca39b01cdea4decc60

  • SHA256

    ee06a44cd6bc5c852ef5e3e26ce0a11fef7502cdca6b1ac98dfe012770d22e11

  • SHA512

    ab887575c2c99f1ee19e7d7cfd6ee9d13ab9930191e3b4fc0f69dae07c11b386462e7ec09e53f02802b305e14c60b03bdaecc141687e88065483a18d824cdf5d

  • SSDEEP

    6144:0LQ1p/2p5e+D2jFHO+iZoy6u9FlfrXEz9NQNQNQNQNQNQNQNQNQNQNQNQNQNQNQJ:pTYe+D2jFu+iZoUFhAzG

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2