Extracted

• • Target

    2025-04-24_ce1ef730935cd6d3c5560d78b45c7912_amadey_elex_karagany_rhadamanthys_smoke-loader

  • Size

    12.3MB

  • MD5

    ce1ef730935cd6d3c5560d78b45c7912

  • SHA1

    30fdf1d62d4dee770e4bd1a47e0877c081bbe1e7

  • SHA256

    ae6e647ea88eab2fcb7fd5e099bd8a698af174c73fc3bc606353302e4c552788

  • SHA512

    91500bd722d3321016f1d8839a3d2f4927f086bfd284a9c79bc2f870005078f179908f40e327415984e10653740acbd4e3ae5d820005cd37cc5322122329f083

  • SSDEEP

    6144:hFHDibjFQLTfWLBAvyZNWfx55C8pjzy4KGldW:hFHD8jFQLCLBALaxSW

  Score

  10^/10

  tofseedefense_evasiondiscoveryexecutionpersistencetrojan

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

    trojantofsee

  • Tofsee family

    tofsee

  • Creates new service(s)

    persistenceexecution

  • Modifies Windows Firewall

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2