Extracted

• • Target

    2025-02-08_fdc548d0b555beef25558fde9644e72c_mafia

  • Size

    12.4MB

  • MD5

    fdc548d0b555beef25558fde9644e72c

  • SHA1

    94a30405531cfb3c6294e84fa6464eedaca5fcf4

  • SHA256

    bf33df8fa3e11d6386fb16a785be9e6c40497aca011bb1cad4e9b2eb877d69b0

  • SHA512

    9b5e3de43406c6671a073657e0a9a0deffe838ef3e854f45fba457be6e6cd432a304ed87aeae8ffa6df1a72d9483dabb526fdc00a2da0ce4ccad46850a948058

  • SSDEEP

    49152:zqE0YKr3fYPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPz:zqtYc3U

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Windows security bypass

    defense_evasiontrojan

  • Creates new service(s)

    persistenceexecution

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2