C:\Users\hokr\Source\Repos\ToxicEye\TelegramRAT\TelegramRAT\obj\Debug\TelegramRAT.pdb
Behavioral task
behavioral1
Sample
TelegramRAT.exe
Resource
win7-20240221-en
General
-
Target
TelegramRAT.exe
-
Size
217KB
-
MD5
2360a3ca7c7f56a98889f16806232d5c
-
SHA1
996836af3b7ad850bb3977d956d0f6b4f22f95fe
-
SHA256
4945a6badc2b589030801440381322724ad39a595018fb48292160d44ce5f575
-
SHA512
3b579dad203a49b39ac03c4bc06bd6d997aac379dd1e4254431354cab202bf739891fbe683e0c6ad95a795cfc32518a49b1f5bd89c152495eb5cdb6baf910071
-
SSDEEP
3072:nyWNMOa+IuWSgKyuwa+IuWEjZkYq6GY2cy962KTKvgXX9vH42V0Oj1ZNxCii/8Sx:9hKTfg2mOpxpRaxHUSlQ0L4bEu
Malware Config
Extracted
toxiceye
https://api.telegram.org/bot6480398830:AAFQyqU2jJkoow45xDM_BRll8AzNh3bMWuM/sendMessage?chat_id=5234218001
Signatures
-
Toxiceye family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource TelegramRAT.exe
Files
-
TelegramRAT.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 214KB - Virtual size: 214KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ