Extracted

• • Target

    2025-01-30_151f608fcbf07aad716fe5bc95e45766_mafia

  • Size

    12.5MB

  • MD5

    151f608fcbf07aad716fe5bc95e45766

  • SHA1

    4180eead80294e8ec941f2e364ee8cc3fdcac541

  • SHA256

    f81c9417f0c21103d7dcf90a0d061944c5af2b3cb29f43e87d8649958ea84877

  • SHA512

    5cee7d48bc720821b875daf04b7e0714ab223bd1bcf441b456c24ac459f5636a0e06d0b95edd4696e248851962255f5c081608e0c3261175d2439fd6e30df11b

  • SSDEEP

    393216:RXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXb:h

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2