Extracted

• • Target

    2025-02-05_89a41a1a83f2e15fd0af7ede7ea46f69_mafia

  • Size

    11.8MB

  • MD5

    89a41a1a83f2e15fd0af7ede7ea46f69

  • SHA1

    85f17d37d656696b749003062d742b8f6d2e5ef8

  • SHA256

    9f5f1a4a573d9105751bcffa4c16bc4862a87849386a92d98a0f2b53233a0527

  • SHA512

    3346534ee4a952f74d5f5236dc4a29c16ee5348ebab4336fa19e142f2b8b2936c7847ba7b4f0c5fda26d4cccda570454d08850e514070f89abe1cf8ce1e89561

  • SSDEEP

    196608:GyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXB:rXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXR

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2