Extracted

• • Target

    2025-02-02_944eaabd41a839291b32b985b5a9c1d8_mafia

  • Size

    10.8MB

  • MD5

    944eaabd41a839291b32b985b5a9c1d8

  • SHA1

    51cfca20fbce3e1a888b8c8d78e08e3be3d98373

  • SHA256

    ae9624415b31812f8ba62205cc256cf157420491911f74bc145899620963c80a

  • SHA512

    e616eb0e479c41f38df4fec3f8e7e136cda5908719e0bbcb584ae861f068cd4993221250d7e481767be9a20a31cc3fcf1b65ff6ff3d371fad0856cf89441968c

  • SSDEEP

    6144:hLQ1p/2p5e+D2jFHO+iZoy6u9FlfrXEz9NQNQNQNQNQNQNQNQNQNQNQNQNQNQNQl:iTYe+D2jFu+iZoUFhAz

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2