Extracted

• • Target

    2025-02-05_7ba2801b028ce19866ac45a149dc1360_mafia

  • Size

    10.9MB

  • MD5

    7ba2801b028ce19866ac45a149dc1360

  • SHA1

    8c1c6f6c4b4c2656e328a79b8628c62090a6ef8e

  • SHA256

    41809b91b64022b92d4cddb654f6e9d07b0d1dd7466477fe0a79c4a54764cc95

  • SHA512

    a8312c22d44b8e1e3e3a7ca3de10162227c45573e2723e69c1dbd81a70ab2b9cfa53d36ccf22dc227d5c27d946d1d40a44f6f4523d6860b73a925cbc715afc21

  • SSDEEP

    24576:TpomTTN9ttttttttttttttttttttttttttttttttttttttttttttttttttttttt1:VooD

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2