toxiceye | hxxps://github[.]com/0x77ff/Byte-Stealer | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://github.com/0...

windows10-2004-x64

Sharing

General

Target

https://github.com/0x77ff/Byte-Stealer
Sample

240501-fh2bmaae78

Score

10^/10

toxiceye agilenet rat trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://github.com/0x77ff/Byte-Stealer

Resource

win10v2004-20240426-en

toxiceye agilenet rat trojan

windows10-2004-x64

21 signatures

1800 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot5536756167:AAFMcQrFbMZMBynbrtZUudaOT9ndCJXIqT4/sendMessage?chat_id=2024893777

Targets

- Target
  
  https://github.com/0x77ff/Byte-Stealer
Score

10^/10

toxiceye agilenet rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

toxiceyeagilenetrattrojan

© 2018-2024

Terms | Privacy