General

  • Target

    TelegramRAT.exe

  • Size

    141KB

  • Sample

    240302-d89pksab34

  • MD5

    cd98e162b45967ddb90eee3cb19edd82

  • SHA1

    f7d60aa415d06dd5d144f74081dac60b85e8103a

  • SHA256

    6aeebc4573ddec9d5008582d7984d4014fb56c4c3e1a15ab2b06adb00e7878ad

  • SHA512

    21ead7050502545121b8d059be5493942087fd496a4a864a24df520d4d815dd23573ea0450ba5738286f824337a1392d3ffba0d580a8a96182cea41a5ff0cd6c

  • SSDEEP

    3072:ux57ZFDCfyVRHpy756OtAVIqOYiibKmCPQW4eCrAZrCeni:ohZFDCfyVRJchDebZoV

Score
10/10

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698

Targets

    • Target

      TelegramRAT.exe

    • ToxicEye

      ToxicEye is a trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15