Extracted

• • Target

    2025-04-24_a34f64b2766a4570993f4dfca01fa1f2_elex_rhadamanthys_smoke-loader

  • Size

    11.9MB

  • MD5

    a34f64b2766a4570993f4dfca01fa1f2

  • SHA1

    55e7570711c06b6ada8ca055f8ac46d382a26e47

  • SHA256

    e0a3d48469b80e9adbd367711db8a08e0d8a62a2787b0d6fcbb8fc779faa4712

  • SHA512

    3e183399bb527847d9717e5fdc7c5caad8830bdb867d481c523457937cecb23631002d48a521246210525eaf2c5a02b0164e0e068c11f0eaba19318982fad32c

  • SSDEEP

    49152:oqL7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7I7IE:o9

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2