toxiceye | 4945a6badc2b589030801440381322724ad39a595018fb48292160d44ce5f575 | Triage

Submit
Reports

Overview

overview

Static

static

TelegramRAT.exe

windows7-x64

TelegramRAT.exe

windows10-2004-x64

Sharing

General

Target

TelegramRAT.exe
Size

217KB
Sample

240228-zlxmdsdd9z
MD5

2360a3ca7c7f56a98889f16806232d5c
SHA1

996836af3b7ad850bb3977d956d0f6b4f22f95fe
SHA256

4945a6badc2b589030801440381322724ad39a595018fb48292160d44ce5f575
SHA512

3b579dad203a49b39ac03c4bc06bd6d997aac379dd1e4254431354cab202bf739891fbe683e0c6ad95a795cfc32518a49b1f5bd89c152495eb5cdb6baf910071
SSDEEP

3072:nyWNMOa+IuWSgKyuwa+IuWEjZkYq6GY2cy962KTKvgXX9vH42V0Oj1ZNxCii/8Sx:9hKTfg2mOpxpRaxHUSlQ0L4bEu

Score

10^/10

toxiceye rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TelegramRAT.exe

Resource

win7-20240221-en

toxiceye rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

TelegramRAT.exe

Resource

win10v2004-20240226-en

toxiceye rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot6480398830:AAFQyqU2jJkoow45xDM_BRll8AzNh3bMWuM/sendMessage?chat_id=5234218001

Targets

- Target
  
  TelegramRAT.exe
- Size
  
  217KB
- MD5
  
  2360a3ca7c7f56a98889f16806232d5c
- SHA1
  
  996836af3b7ad850bb3977d956d0f6b4f22f95fe
- SHA256
  
  4945a6badc2b589030801440381322724ad39a595018fb48292160d44ce5f575
- SHA512
  
  3b579dad203a49b39ac03c4bc06bd6d997aac379dd1e4254431354cab202bf739891fbe683e0c6ad95a795cfc32518a49b1f5bd89c152495eb5cdb6baf910071
- SSDEEP
  
  3072:nyWNMOa+IuWSgKyuwa+IuWEjZkYq6GY2cy962KTKvgXX9vH42V0Oj1ZNxCii/8Sx:9hKTfg2mOpxpRaxHUSlQ0L4bEu
Score

10^/10

toxiceye rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyerattrojan

behavioral2

toxiceyerattrojan

© 2018-2024

Terms | Privacy