toxiceye | d33e97596d19884faf2d19e3c33799bff12a790062e98522ff30db4236ff170b | Triage

Submit
Reports

Overview

overview

Static

static

TelegramRAT.exe

windows7-x64

TelegramRAT.exe

windows10-2004-x64

Sharing

General

Target

TelegramRAT.exe
Size

141KB
Sample

240302-drkdcshd5y
MD5

ed2c7bc269dac9dd4478f1dc773de9f6
SHA1

a2bf4318a949329308799ccfc3d2379acf304d77
SHA256

d33e97596d19884faf2d19e3c33799bff12a790062e98522ff30db4236ff170b
SHA512

afeda67797e52f3fe873f8da0454028bcb3eed09b39596c69333cf09b79c91161add4f7b6992078a114abb2190e4e4f0fa98da83748fcf20cd07ce27bbc73b46
SSDEEP

3072:BnFBrznkLAWjtnXGXM9bA9D5QW4aCrAZr1m/Nf:lDznkcKWc9bA38

Score

10^/10

toxiceye rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TelegramRAT.exe

Resource

win7-20240221-en

toxiceye rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

TelegramRAT.exe

Resource

win10v2004-20240226-en

toxiceye rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698

Targets

- Target
  
  TelegramRAT.exe
- Size
  
  141KB
- MD5
  
  ed2c7bc269dac9dd4478f1dc773de9f6
- SHA1
  
  a2bf4318a949329308799ccfc3d2379acf304d77
- SHA256
  
  d33e97596d19884faf2d19e3c33799bff12a790062e98522ff30db4236ff170b
- SHA512
  
  afeda67797e52f3fe873f8da0454028bcb3eed09b39596c69333cf09b79c91161add4f7b6992078a114abb2190e4e4f0fa98da83748fcf20cd07ce27bbc73b46
- SSDEEP
  
  3072:BnFBrznkLAWjtnXGXM9bA9D5QW4aCrAZr1m/Nf:lDznkcKWc9bA38
Score

10^/10

toxiceye rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyerattrojan

behavioral2

toxiceyerattrojan

© 2018-2024

Terms | Privacy