Extracted

• • Target

    2025-02-01_f459bea29e6b053f0579414f1567e7f5_mafia

  • Size

    12.6MB

  • MD5

    f459bea29e6b053f0579414f1567e7f5

  • SHA1

    b3c21498ac4bf3e3f92b5b9b8e46abf8d0f8491f

  • SHA256

    07cd63a39bc7e39cc04f8ae3833efba10b921cf741fd1b73ab2fbdd2499a639d

  • SHA512

    40ad31fc9bb62d32b61f9dda1efce44d4194c3c23edfc6bc33798a65f4cfc77015f1b2bfbc660d310d3cbcf8cde9ac6c7fffca02a8db1bb3202dfcb64251f66b

  • SSDEEP

    393216:cXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXn:

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2