toxiceye | Sodium[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Sodium.rar
Size

81KB
MD5

8af9b9ee93dbe910194fe1fd2349eccc
SHA1

359ab71544f66f4bea8f567c1f13fb6acdfec94d
SHA256

2476634d4fb2a346a5a659414320f9701f5cbcd4e680cc120e44f610514a0e78
SHA512

111b6a85b84352a7b0b16b6afd2b79ba4b02c47a220c935db7cfaaa78da75110ad64e7475f5c2fc0fa2c27209056c424703cac2402d8c1c48c46ec2ca3361171
SSDEEP

1536:XkXdYU+Wl+eeqTdrj/DdAUB49PEsbBEf8tRVE/lI14lSLbv18wXEQbTX6K7VsJCy:XwUUeUx1GcsbWyuGbLbv1ZX7bD6ey

Score

10^/10

toxiceye

Malware Config

Extracted

Family

toxiceye

https://api.telegram.org/bot6762011934:AAFznvyLO1JAaL2nMQvUuk4MNSz_jPDyO0o/sendMessage?chat_id=6675484175

Signatures

Toxiceye family
toxiceye
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Sodium.exe

resource
unpack001/Sodium.exe

Files

Sodium.rar
.rar
Sodium.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

07-07-2016 17:27

Not After

07-07-2017 17:27

Subject

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:83:5d:ce:39:95:7b:dc:65:e9:78:8d:ff:22:7e:c0:bf:64:45:15:c7:05:78:0e:60:9d:ff:13:dc:f4:c0:a6
Signer

Actual PE Digest

b0:83:5d:ce:39:95:7b:dc:65:e9:78:8d:ff:22:7e:c0:bf:64:45:15:c7:05:78:0e:60:9d:ff:13:dc:f4:c0:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Adam\Documents\GitHub\libsodium-net\libsodium-net\obj\Release\Sodium.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sodium.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Emi\Desktop\ToxicEye-master\TelegramRAT\TelegramRAT\obj\Release\TelegramRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bfCertificate

Extended Key Usages

Key Usages

b0:83:5d:ce:39:95:7b:dc:65:e9:78:8d:ff:22:7e:c0:bf:64:45:15:c7:05:78:0e:60:9d:ff:13:dc:f4:c0:a6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 52KB - Virtual size: 52KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 108KB - Virtual size: 108KB

.rsrc Size: 110KB - Virtual size: 110KB

.reloc Size: 512B - Virtual size: 12B

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

b0:83:5d:ce:39:95:7b:dc:65:e9:78:8d:ff:22:7e:c0:bf:64:45:15:c7:05:78:0e:60:9d:ff:13:dc:f4:c0:a6
Signer

.text
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 108KB - Virtual size: 108KB

.rsrc
Size: 110KB - Virtual size: 110KB

.reloc
Size: 512B - Virtual size: 12B