Extracted

• • Target

    2025-02-03_aaec138d6fde4a2307b05baa2381010b_mafia

  • Size

    10.0MB

  • MD5

    aaec138d6fde4a2307b05baa2381010b

  • SHA1

    e556799f565d06bf0645b0f7a4b054fec09398d6

  • SHA256

    26cbf6573e3ff65610d2f8766543be13c021de428b2dea15814806fb84f49027

  • SHA512

    7a250c6bdc43c671c98e065f6120e8aaf3308001b7e8707c8f8ad9202dfcc8775072483ee72c7d8477c46f7ab917d63db60aa051f7af1607d76ce83687aad1f0

  • SSDEEP

    196608:QyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXH:lXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2