toxiceye | a0790e8195c00714a8486ea9c7a9902e8dd9efc498c3c31737b1e753ac319d09 | Triage

Submit
Reports

Overview

overview

Static

static

TelegramRAT.exe

windows7-x64

TelegramRAT.exe

windows10-2004-x64

Sharing

General

Target

TelegramRAT.exe
Size

143KB
Sample

240302-cybt5ahc55
MD5

5ed0d420fc1b4641d8b88cf909be6e4e
SHA1

a324050949e558a339cfc02e761e12dd657f1ee2
SHA256

a0790e8195c00714a8486ea9c7a9902e8dd9efc498c3c31737b1e753ac319d09
SHA512

f3d000019faa786fa589bee3fb07abcd7c928220066b56ecac69c46077feb742cbd6dfa6a6bdb3fb4861154751b12d99ef71b487b12655b41127d132fc2e628e
SSDEEP

3072:OhcmsSrI7vLHvWk4EqvE2Rf2p65dd54f/iaK9N4bve0ZQWf5CrAZuC+C:Ov4v8Ef/iayubWa

Score

10^/10

toxiceye rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

TelegramRAT.exe

Resource

win7-20240221-en

toxiceye rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

TelegramRAT.exe

Resource

win10v2004-20240226-en

toxiceye rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698

Targets

- Target
  
  TelegramRAT.exe
- Size
  
  143KB
- MD5
  
  5ed0d420fc1b4641d8b88cf909be6e4e
- SHA1
  
  a324050949e558a339cfc02e761e12dd657f1ee2
- SHA256
  
  a0790e8195c00714a8486ea9c7a9902e8dd9efc498c3c31737b1e753ac319d09
- SHA512
  
  f3d000019faa786fa589bee3fb07abcd7c928220066b56ecac69c46077feb742cbd6dfa6a6bdb3fb4861154751b12d99ef71b487b12655b41127d132fc2e628e
- SSDEEP
  
  3072:OhcmsSrI7vLHvWk4EqvE2Rf2p65dd54f/iaK9N4bve0ZQWf5CrAZuC+C:Ov4v8Ef/iayubWa
Score

10^/10

toxiceye rat trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyerattrojan

behavioral2

toxiceyerattrojan

© 2018-2024

Terms | Privacy