General

  • Target

    TelegramRAT.exe

  • Size

    140KB

  • Sample

    240302-ehjk5sad23

  • MD5

    a7f2f3eb00e6fada6eef7f6d4bad84ac

  • SHA1

    7772bf4e931c3ea67e6d1366b10b495618dd6733

  • SHA256

    70443d8dd1d0b52f392d95b50a3582f5a2038f66a46faeb635bd7dbe73643bcb

  • SHA512

    d133efdaed62350a7fcd05ffd2bd1510a731c6f131a86b54f3e941ffddd450a797bfec205decd7de1b994288fd52ed6f015839b1228720edd0927a3322c7f9d4

  • SSDEEP

    3072:9kSfx8i3yykxyofe7UoxsbKm1/QW4aCrAZ54VhgO:KaxRxkxnbZ30

Score
10/10

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698
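The extracted C2 above is not a server the operator controls but the Telegram Bot API: the bot token (`bot<id>:<secret>`) and the operator's `chat_id` are baked into the URL, which is what makes the config worth parsing. The block below is an added example for this report, not Triage's or the malware author's code; it pulls Telegram Bot API URLs out of a string dump (the first sample string is the C2 value from this report, the other three are constructed near-misses and a second made-up bot), splits them into bot id, method and chat id, and redacts the secret half of the token so the indicator can be shared. The helper names (`extract_telegram_c2`, `indicators`, `redact_token`) are this example's own.

```python
"""Turn Telegram Bot API C2 URLs (as found in a ToxicEye config) into
huntable indicators. Added example, not code from the report or the sample."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs

# A Telegram bot token is '<numeric bot id>:<35 chars of [A-Za-z0-9_-]>'.
# The numeric half is the bot's Telegram user id, so it stays a useful pivot
# even if the operator revokes and re-issues the secret half.
TG_C2_RE = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<token>(?P<bot_id>\d{6,12}):[A-Za-z0-9_-]{35})"
    r"/(?P<method>[A-Za-z]+)"
    r"(?:\?(?P<query>[A-Za-z0-9_=&%.+-]*))?"
)


@dataclass(frozen=True)
class TelegramC2:
    url: str
    bot_id: int
    token: str               # full token: handle as a secret and as an IOC
    method: str              # Bot API method, e.g. sendMessage / getUpdates
    chat_id: Optional[str]   # operator chat the beacon is delivered to, if any


def extract_telegram_c2(blob: str) -> list[TelegramC2]:
    """Return every Telegram Bot API URL in `blob`, de-duplicated, in order."""
    seen: set[str] = set()
    found: list[TelegramC2] = []
    for m in TG_C2_RE.finditer(blob):
        url = m.group(0)
        if url in seen:
            continue
        seen.add(url)
        query = parse_qs(m.group("query") or "")
        found.append(TelegramC2(
            url=url,
            bot_id=int(m.group("bot_id")),
            token=m.group("token"),
            method=m.group("method"),
            chat_id=query.get("chat_id", [None])[0],
        ))
    return found


def redact_token(token: str) -> str:
    """Keep the bot id (the pivot) and the last 4 secret chars, hide the rest."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:...{secret[-4:]}"


def indicators(c2: TelegramC2) -> dict:
    """Indicators for hunting. TLS hides the URI on the wire, so the network
    side only ever sees the host/SNI api.telegram.org; the bot id, chat id and
    method are for host telemetry (proxy logs, process memory, EDR strings)."""
    return {
        "network_host": "api.telegram.org",
        "bot_id": c2.bot_id,
        "chat_id": c2.chat_id,
        "method": c2.method,
        "token_redacted": redact_token(c2.token),
    }


# Constructed input. Line 1 is the C2 from this report; line 2 is a made-up
# second bot polling for commands; lines 3 and 4 must NOT match (non-numeric
# bot id, truncated secret).
SAMPLE_STRINGS = "\n".join([
    "https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698",
    "https://api.telegram.org/bot1234567890:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghi/getUpdates?offset=1",
    "https://api.telegram.org/botnotatoken/sendMessage?chat_id=1",
    "https://api.telegram.org/bot1234567890:TOOSHORT/sendMessage",
])

if __name__ == "__main__":
    for c2 in extract_telegram_c2(SAMPLE_STRINGS):
        print(indicators(c2))
```

Run it over a `strings` dump or a Triage config export; the de-duplication matters because unpacked samples usually carry the same URL several times. Blocking on `api.telegram.org` alone is rarely acceptable where Telegram is in legitimate use, so the practical detection is the host-side pairing of a non-Telegram process with that host plus the bot id in memory or command lines.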

Targets

    • Target

      TelegramRAT.exe

    • ToxicEye

      ToxicEye is a trojan written in C#. For this sample the extracted C2 is a Telegram Bot API endpoint, so the bot token and operator chat_id in the config are the actionable indicators.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check before running the payload.

    • Deletes itself

      Removes its own executable after running, leaving the dropped component behind.

    • Executes dropped EXE

      Writes a second executable to disk and launches it.

    • Legitimate hosting services abused for malware hosting/C2

      Command and control goes through api.telegram.org over TLS, so the beacon is indistinguishable on the wire from legitimate Telegram bot traffic; only the host name is visible to network sensors.
