Extracted

• • Target

    2025-02-02_1fd39ea0fb754241ec179ae2975708ff_mafia

  • Size

    11.4MB

  • MD5

    1fd39ea0fb754241ec179ae2975708ff

  • SHA1

    a869c4b2113ba693ce6318d45b4c9ccc975d322d

  • SHA256

    c51a7e68b13cd19ac5f8018136be3dd56b72fd5eb2f441753bb760c5494ac8ec

  • SHA512

    f223cfa23e0546b6757880ad92ff28dbdf161641b7853291f61067e27b098e3cdc02d4985054bed89afbba2a939414153f0a7b1b88dad86147442632106be212

  • SSDEEP

    24576:26WdLQkyQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQI:3WdLQk

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2