Extracted

• • Target

    2025-01-31_dc0400cc759c1d5f7ca5c11b9edda600_mafia

  • Size

    10.0MB

  • MD5

    dc0400cc759c1d5f7ca5c11b9edda600

  • SHA1

    fff821ce69dd9ae482131d85e4bb6e218eb40435

  • SHA256

    f954da5648966e7534005b93d35de289192a6cc3e8f4e765b7de80bc2675c6d8

  • SHA512

    6fecf099f5aa85ea2d5dcd7cd3ae152261a5c20e02d71fc4ee43675f04286919f865c5ea7f3b66d8b005de8ef1843c80d6c278e116b5161a052b3537ec9a4162

  • SSDEEP

    24576:h6WdLQkyQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQf:IWdLQk

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2