General

  • Target

    TelegramRAT.exe

  • Size

    136KB

  • Sample

    240302-z3cnjshe6v

  • MD5

    2aba3d65b4410e0dfb8e328cd081e1aa

  • SHA1

    570baf9e4fcd9735d90bd9bc461b70f143e6934a

  • SHA256

    af9d1582852905516ee58316f875a8df81beff906e28f5406486c4c62463ead4

  • SHA512

    4670ae6c28364e54b05d277aa43911b26ea0ed76a4e284cb410050a1cf2913d067e88b1bfa007cef0debea5c231acfdb2fb93f1e1c1540d1c50890d473bcdf60

  • SSDEEP

    3072:c78TXzjFl2Chi74tqiokbPFfmQWegCrAZB0qd:QczjFE4oiokbN0O

Score
10/10

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7040511851:AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698
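The extracted C2 is not a custom server but the public Telegram Bot API: the path carries the bot token (numeric bot id, a colon, then the secret) and the query string carries the chat the operator reads from. That makes the bot id and chat id useful pivots, and any Bot API call from an endpoint process a high-signal event. The script below is an added example, not part of the sandbox report or of the ToxicEye code: it parses the C2 URL above into indicators and scans a constructed proxy log (format assumed here as timestamp, client IP, process name, URL) for matching traffic. It runs offline and never contacts the endpoint; the token in the URL gives full control of the attacker's bot, so do not exercise it from a production network.

```python
"""Indicators and proxy-log detection for a Telegram Bot API C2.

Added example; the C2 URL is the one extracted in the report above,
the proxy log lines are constructed for illustration.
"""
import re
from urllib.parse import urlparse, parse_qs

# C2 URL exactly as extracted by the sandbox (from the report above).
C2_URL = ("https://api.telegram.org/bot7040511851:"
          "AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/sendMessage?chat_id=6226815698")

# Bot API paths look like /bot<numeric bot id>:<secret>/<method>.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$"
)

# Methods that push victim data into the operator's chat.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url):
    """Return {bot_id, token, method, chat_id} for a Telegram Bot API URL,
    or None if the URL is not a Bot API call."""
    u = urlparse(url)
    if u.scheme != "https" or u.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(u.path)
    if not m:
        return None
    chat_id = parse_qs(u.query).get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": chat_id,
    }


def indicators_from_report(c2_url=C2_URL):
    """Pivot values worth hunting for: the bot id is fixed for the lifetime
    of the bot, the chat id is the operator's receiving chat."""
    c2 = parse_telegram_c2(c2_url)
    return {"bot_ids": {c2["bot_id"]}, "chat_ids": {c2["chat_id"]}}


# Constructed proxy log: "<timestamp> <client ip> <process> <url>".
# Illustrative only, not captured from the sandbox run.
SAMPLE_PROXY_LOG = [
    "2024-03-02T10:15:01Z 10.0.0.12 TelegramRAT.exe " + C2_URL,
    "2024-03-02T10:15:03Z 10.0.0.12 TelegramRAT.exe "
    "https://api.telegram.org/bot7040511851:"
    "AAEjBKSxADGWlNtLxaKpotGtf53NUQ1UgAo/getUpdates?offset=1",
    "2024-03-02T10:16:00Z 10.0.0.40 chrome.exe https://web.telegram.org/k/",
    "2024-03-02T10:16:05Z 10.0.0.41 outlook.exe https://outlook.office.com/mail/",
]


def scan_proxy_log(lines, known=None):
    """Flag every Telegram Bot API call seen in the log; mark the ones whose
    bot id or chat id matches the report and the ones using an exfil method."""
    known = known or indicators_from_report()
    findings = []
    for line in lines:
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # malformed line, skip rather than crash the sweep
        ts, client, process, url = parts
        c2 = parse_telegram_c2(url)
        if c2 is None:
            continue  # ordinary web traffic, including web.telegram.org
        findings.append({
            "ts": ts,
            "client": client,
            "process": process,
            "bot_id": c2["bot_id"],
            "method": c2["method"],
            "chat_id": c2["chat_id"],
            "matches_report": (c2["bot_id"] in known["bot_ids"]
                               or c2["chat_id"] in known["chat_ids"]),
            "exfil": c2["method"] in EXFIL_METHODS,
        })
    return findings


if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(finding)
```

Any `api.telegram.org/bot…` request from a user workstation deserves a look even when the bot id does not match this report, since ToxicEye-style tooling only needs a fresh bot token to change its infrastructure; allowlist known internal automation by process and bot id rather than by host.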

Targets

    • Target

      TelegramRAT.exe

    • ToxicEye

      ToxicEye is a trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15
