Extracted

• • Target

    2025-02-08_faeef2f615c355d7e8774bdcb9dc90c6_mafia

  • Size

    13.6MB

  • MD5

    faeef2f615c355d7e8774bdcb9dc90c6

  • SHA1

    9048421786fa7813eefb00f29e9e9f2158dfc667

  • SHA256

    0af19468f4c23b6abaf05da3aecc6a669e5aefe9765041f6bfeaeb9d85b6b28c

  • SHA512

    0846a2edd0dd5bf7f29cddc6b372067f0677e99a4def400e6bc4eceeaa3bcec56a61c55a89b40358164d35a5241a3e4dca27b9d9cf59283a493f0f862cf452c0

  • SSDEEP

    393216:2XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXZ:E

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2