General
- Target: a.exe
- Size: 143KB
- Sample: 240302-b8ehbsge9x
- MD5: 9f7e5fec8caa330b7ae21818ca6bd057
- SHA1: 04c7bc6909a8cac7712010728c1d58ea348e7400
- SHA256: 5d3a08dced9382d003191a7cc8fab4b2e116c8673301de05e75f1891d7740d33
- SHA512: 8756772ed9ca40cf1bd879faf2a6b34861ba3abe46199b90e3db66ddb1b87837494720892a73f7b3c22ed0f234f1a5d91282de48c431709775597dc4cd066e8f
- SSDEEP: 3072:/hcmsSrI7vLHvWk4EqvE2Rf2p65dd54f/iaK9NIbve0ZQWf5CrAZuCPg:/v4v8Ef/iay+bWa
Behavioral task
- behavioral1: Sample a.exe, Resource win7-20240221-en
Malware Config
- Extracted: toxiceye
- https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698
Targets
- Target: a.exe
- Size: 143KB
- MD5: 9f7e5fec8caa330b7ae21818ca6bd057
- SHA1: 04c7bc6909a8cac7712010728c1d58ea348e7400
- SHA256: 5d3a08dced9382d003191a7cc8fab4b2e116c8673301de05e75f1891d7740d33
- SHA512: 8756772ed9ca40cf1bd879faf2a6b34861ba3abe46199b90e3db66ddb1b87837494720892a73f7b3c22ed0f234f1a5d91282de48c431709775597dc4cd066e8f
- SSDEEP: 3072:/hcmsSrI7vLHvWk4EqvE2Rf2p65dd54f/iaK9NIbve0ZQWf5CrAZuCPg:/v4v8Ef/iay+bWa
Signatures
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first sight, etc.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2