Extracted

• • Target

    2025-02-07_c787eb227f286f1e66b5956a655d92ba_mafia

  • Size

    11.6MB

  • MD5

    c787eb227f286f1e66b5956a655d92ba

  • SHA1

    54c4db249433272ecffbfe2a68034a0057d3d2e1

  • SHA256

    989821684007c580cf03c0c1b716cd1afacecb11f2f6912f2c9b011c46261a7d

  • SHA512

    61a22bffff2eaa8d67a55a70f762cfc42a8625ec00029f6edbe190cb679e4cec4f61a64ecaa2aa75d9b51bb3cc817459af39231e82be72a9c79c413aa838d9ef

  • SSDEEP

    196608:iyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXa:HXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXq

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2