Extracted

• • Target

    2025-02-05_dee5a4fb48225157ac2c82f3fe35cb19_mafia

  • Size

    13.0MB

  • MD5

    dee5a4fb48225157ac2c82f3fe35cb19

  • SHA1

    9e94fa8c4967b017998c43b29e4ca327afb338fb

  • SHA256

    1a468167a1d9a761cc209f759ac4563597cd8ebce754eae4ac80db2ad7a007e3

  • SHA512

    786e30ff163598a9523ee3f38b17327292a670c1ec2a3e60f1a878db512e7016564ec4563e165ae451243bb0f60cbaa89c4fcad1e9aeaa91d213a9fc77ca0547

  • SSDEEP

    24576:qpomTTN9tttttttttttttttttttttttttttttttttttttttttttttttttttttttk:+ooe

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2