Extracted

• • Target

    2025-02-04_754058452e09ed1a3f2b5b73fc9be5a5_mafia

  • Size

    13.6MB

  • MD5

    754058452e09ed1a3f2b5b73fc9be5a5

  • SHA1

    06222c354e0941b445039a62e2c37d71846c3264

  • SHA256

    aececfea324bf665d787ab945881605e7f34a64638dcdd024bed9d2126b3a231

  • SHA512

    913fdf322a44f276f2b37fb51f121b441c4df71ff474f3cd3f647d0d514fa19226e31b30860913e3b5efbf3b83b4ac3d45f51707625238cd4cf460dd7ab5c6be

  • SSDEEP

    24576:qpomTTN9tttttttttttttttttttttttttttttttttttttttttttttttttttttttZ:+ooP

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2