toxiceye | 05784dc21b94b6c838f1d979fcf7107fc7c1be31c026eccc9259c7878a52ba92 | Triage

Submit
Reports

Overview

overview

Static

static

TelegramRAT.exe

windows7-x64

TelegramRAT.exe

windows10-2004-x64

Sharing

General

Target

TelegramRAT.exe
Size

141KB
Sample

240302-d659daaa76
MD5

3f348796bd487827ac9e566dc082d5ce
SHA1

54fd77ca70dfcb9dfa092ff5f5cc911eca27e39d
SHA256

05784dc21b94b6c838f1d979fcf7107fc7c1be31c026eccc9259c7878a52ba92
SHA512

bc5292d8a45e10fd59d4661bdb189f595407b5c3f5fbe2f6a3153e129d75a1d8e868ada144504640c2e1504cba8c717a365fab145ad04b7c179f2829f17309c8
SSDEEP

3072:Txx7ZFDCfyVRHpy756OtAVIqOYiibKmCPQW4eCrAZrRen1:FZZFDCfyVRJchDebZos

Score

10^/10

toxiceye rat spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TelegramRAT.exe

Resource

win7-20240220-en

toxiceye rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

TelegramRAT.exe

Resource

win10v2004-20240226-en

toxiceye rat spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698

Targets

- Target
  
  TelegramRAT.exe
- Size
  
  141KB
- MD5
  
  3f348796bd487827ac9e566dc082d5ce
- SHA1
  
  54fd77ca70dfcb9dfa092ff5f5cc911eca27e39d
- SHA256
  
  05784dc21b94b6c838f1d979fcf7107fc7c1be31c026eccc9259c7878a52ba92
- SHA512
  
  bc5292d8a45e10fd59d4661bdb189f595407b5c3f5fbe2f6a3153e129d75a1d8e868ada144504640c2e1504cba8c717a365fab145ad04b7c179f2829f17309c8
- SSDEEP
  
  3072:Txx7ZFDCfyVRHpy756OtAVIqOYiibKmCPQW4eCrAZrRen1:FZZFDCfyVRJchDebZos
Score

10^/10

toxiceye rat trojan spyware stealer
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyerattrojan

behavioral2

toxiceyeratspywarestealertrojan

© 2018-2024

Terms | Privacy