Extracted

• • Target

    2025-02-08_e14b71735cb62ae5d7bf1859e3dc30bf_mafia

  • Size

    15.0MB

  • MD5

    e14b71735cb62ae5d7bf1859e3dc30bf

  • SHA1

    d8dd31a17ce809a1be83e46342e19c844fa6e4fb

  • SHA256

    01b511966adcd0871a1e526418278ead6bfe873ce553588e7695eb051427b2dc

  • SHA512

    85011bd12f0e324cc638a0a4dc464efcaf99d031978904a552e6dc9beb17c5f92fe1ce414404329d2caece1511fd8c3cff331bb462673c9a04b1028191383aa8

  • SSDEEP

    393216:MXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXo:n

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2