Extracted

• • Target

    JaffaCakes118_61db407c522e2507cff184da43270768

  • Size

    180KB

  • MD5

    61db407c522e2507cff184da43270768

  • SHA1

    5803ce233b53358f3d5baef60b3c8d67d16c7d82

  • SHA256

    27eee4b9d99a346cbc800509c8b78ec0d38a20dc0c1d4cd7f112a1af1dc425bb

  • SHA512

    a366d98c33a6bd6693880e282d3966db6f7008a5093b67893f7a206d8ca20d612a3059968fab63f30de7df7d87f4ceb3c59e6ce7cc83af382dff4d48eebc5f54

  • SSDEEP

    3072:N6mkrF2lH16EI1BU/z92qcY0R8U2F8O4QRf2JLuQgTbNaQUQ:QdaaBI7cY02U

  Score

  10^/10

  tofseediscoverypersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2