Extracted

• • Target

    2025-04-04_7338124f67fd8e4e0712a842d9b2e3f4_mafia_rhadamanthys

  • Size

    12.4MB

  • MD5

    7338124f67fd8e4e0712a842d9b2e3f4

  • SHA1

    970b2f68db7da47d05c39aad87a6a79eb8f411d7

  • SHA256

    ded0c51b324961ebb655dd7a7a1d2a0af738403893e692a6dc58d5a6760dbd69

  • SHA512

    f0f168b3fcfb1dd49618881742f56bd513f6465fe97c23e63a88faa93a681bebe82f2867c6516ea98816aa288c1788846431b5b7fd2a51f9685cc73a3bc9553c

  • SSDEEP

    393216:fXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1