General
-
Target
TelegramRAT.exe
-
Size
140KB
-
Sample
240302-em36caad64
-
MD5
dfa6fcf1c40b948797c4826414a630de
-
SHA1
200faa577f4c2c9e6f15d0c01376ca9c16d87250
-
SHA256
4090a62dc4c113b58b3cbc28832fcb03dcb33c4c257c5ec65e3c574dbc12db2a
-
SHA512
f4e8ff21aee6d26cc985baa2bcc2b13d51d25b849f8f3ef7fffecc23ecbc092729ec409c2827671736c68a43d98edc896723e04912672aecbad894e381094e53
-
SSDEEP
3072:ukSfxDxDP+tVofe7UoxvxbKm1/QW4aCrAZ5KLhga:xaxNCLxbZ36
Malware Config
Extracted
toxiceye
https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698
Targets
-
-
Target
TelegramRAT.exe
-
Size
140KB
-
MD5
dfa6fcf1c40b948797c4826414a630de
-
SHA1
200faa577f4c2c9e6f15d0c01376ca9c16d87250
-
SHA256
4090a62dc4c113b58b3cbc28832fcb03dcb33c4c257c5ec65e3c574dbc12db2a
-
SHA512
f4e8ff21aee6d26cc985baa2bcc2b13d51d25b849f8f3ef7fffecc23ecbc092729ec409c2827671736c68a43d98edc896723e04912672aecbad894e381094e53
-
SSDEEP
3072:ukSfxDxDP+tVofe7UoxvxbKm1/QW4aCrAZ5KLhga:xaxNCLxbZ36
Score10/10-
ToxicEye
ToxicEye is a trojan written in C#.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-