Extracted

• • Target

    2025-02-07_21bab2b2396f9666734d4fa8ecb7c391_mafia

  • Size

    14.5MB

  • MD5

    21bab2b2396f9666734d4fa8ecb7c391

  • SHA1

    cc0110f22a0e113277447eeb0977b1fe0f092b42

  • SHA256

    113204d499543435f6256751082b03e43cbfa3e5aaf4ac2ae72791dc1d5b1c4e

  • SHA512

    33b705f9d6465f2a42c7f24976e05142e6e6b8295056a20d3ccc96fd711a6546d14a9c7ca0f1e9d43472002913b498045716db8a76116e5c70adc151803556cf

  • SSDEEP

    24576:i6WdLQkyQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQM:rWdLQkW

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2