toxiceye | 872d241e41e2b657746d8d66b3bce7377790d9793d987929482f088f960c8591 | Triage

Submit
Reports

Overview

overview

Static

static

TelegramRAT.exe

windows7-x64

TelegramRAT.exe

windows10-2004-x64

Sharing

General

Target

TelegramRAT.exe
Size

141KB
Sample

240302-ecfbjaab96
MD5

2e421076fded17a6c3643d2d65b6d344
SHA1

8c2d9e0e6b16ab6ddeaacf661f5bf7b472911dd5
SHA256

872d241e41e2b657746d8d66b3bce7377790d9793d987929482f088f960c8591
SHA512

1f275c68f898d96cb34ac2027016ee78b0ac2211dc5003ba94c07ea93a66eecd1935c3a14b6b16826447d3beb93f1162499d3fe69fdc49b06c8fd1647812601d
SSDEEP

3072:lkSfx+nPu2KiQQ7+ofe7Uoxo1bKm1/QW4aCrAZrxIhsz:Sax+nmSn7B1bZ32

Score

10^/10

toxiceye rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TelegramRAT.exe

Resource

win7-20240221-en

toxiceye rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

TelegramRAT.exe

Resource

win10v2004-20240226-en

toxiceye rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698

Targets

- Target
  
  TelegramRAT.exe
- Size
  
  141KB
- MD5
  
  2e421076fded17a6c3643d2d65b6d344
- SHA1
  
  8c2d9e0e6b16ab6ddeaacf661f5bf7b472911dd5
- SHA256
  
  872d241e41e2b657746d8d66b3bce7377790d9793d987929482f088f960c8591
- SHA512
  
  1f275c68f898d96cb34ac2027016ee78b0ac2211dc5003ba94c07ea93a66eecd1935c3a14b6b16826447d3beb93f1162499d3fe69fdc49b06c8fd1647812601d
- SSDEEP
  
  3072:lkSfx+nPu2KiQQ7+ofe7Uoxo1bKm1/QW4aCrAZrxIhsz:Sax+nmSn7B1bZ32
Score

10^/10

toxiceye rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyerattrojan

behavioral2

toxiceyerattrojan

© 2018-2024

Terms | Privacy