General
-
Target
eb65763fbd4c28c3afac6d08ab63c318_JaffaCakes118
-
Size
900KB
-
Sample
240410-szv76ach77
-
MD5
eb65763fbd4c28c3afac6d08ab63c318
-
SHA1
9297b49103ab3beff2851a441b4458a58a986fcc
-
SHA256
2aebd9a1bc61ad562d8f8e1115cf21247281b3f5e5ab41305406c5bdc7c4b0ff
-
SHA512
3397ec9a0b04e8c43bfabe1fbf30894e4bd973a46488252e6223ad4e41c869c5bf08aa4194b5f492f90c489909819ec6ae1e8dafbeb226470416a16d557f6288
-
SSDEEP
12288:W22iNv4sjaq8c+6Rq0mHtRAex8AIb2IRzQqX2Su9Oqql6c+NnHIbwhgT16Ovl:R1usjatrgPeyNcqXMjqlxEH+wlO
Malware Config
Extracted
toxiceye
https://api.telegram.org/bot1912175024:AAFyX2DSTB35kTZDCQUzmiHwTx6F5gwOlaE/sendMessage?chat_id=1854909459
Targets
-
-
Target
eb65763fbd4c28c3afac6d08ab63c318_JaffaCakes118
-
Size
900KB
-
MD5
eb65763fbd4c28c3afac6d08ab63c318
-
SHA1
9297b49103ab3beff2851a441b4458a58a986fcc
-
SHA256
2aebd9a1bc61ad562d8f8e1115cf21247281b3f5e5ab41305406c5bdc7c4b0ff
-
SHA512
3397ec9a0b04e8c43bfabe1fbf30894e4bd973a46488252e6223ad4e41c869c5bf08aa4194b5f492f90c489909819ec6ae1e8dafbeb226470416a16d557f6288
-
SSDEEP
12288:W22iNv4sjaq8c+6Rq0mHtRAex8AIb2IRzQqX2Su9Oqql6c+NnHIbwhgT16Ovl:R1usjatrgPeyNcqXMjqlxEH+wlO
Score10/10-
ToxicEye
ToxicEye is a trojan written in C#.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-