Extracted

• • Target

    2025-02-07_95504588c01b1f77d656f20c48c78884_mafia

  • Size

    14.0MB

  • MD5

    95504588c01b1f77d656f20c48c78884

  • SHA1

    2b50d1be602f11690f75d426fb8fd057c718d11c

  • SHA256

    d038091e7be4a1ca2830a3662a28ff1ef0300ebecd5b1051525b88cbc0f30988

  • SHA512

    c0d6b7639b9fff61ef9dbfd0dfc7ccad90ace0f7615b540c6fc677dafcc6c92fd9e3e1c82c27782eddd9b711c60112b09642393c51596e26fcade4d91da408ba

  • SSDEEP

    24576:+6WdLQkyQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQx:vWdLQkb

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2