Extracted

• • Target

    2025-02-07_611a439c5a29846e90960d247620c30d_mafia

  • Size

    12.4MB

  • MD5

    611a439c5a29846e90960d247620c30d

  • SHA1

    ac34d80dec401c12d05a196385e8ffd4dd02f43e

  • SHA256

    d1254107245e25bc26376e9913ae204fb0d1992455e809aa03f51eec910294da

  • SHA512

    60f373125ee2bec44027b369715e80293c75c450cd3ec54681f920118f2b35365eaa9af3cf8b5d13c14be35d681d42badeb81a7aa837a94dc5f9bbe07777a8f8

  • SSDEEP

    24576:ipomTTN9tttttttttttttttttttttttttttttttttttttttttttttttttttttttE:GooC

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2