toxiceye | 6538369d45139f5c9e24a65b13fbd090_NEIKI | Triage

Sharing

General

Target

6538369d45139f5c9e24a65b13fbd090_NEIKI
Size

111KB
MD5

6538369d45139f5c9e24a65b13fbd090
SHA1

1c0972a20fc8278947a66a95f87eadcbea3a8861
SHA256

1e381576d27967ba71cf844ff6a5a217062b78d4d1e3b91fefe4400a0929b50b
SHA512

31e00cb69aab15d435f511258bb7d067d59294dbe306d3127d467a9aa482e6c8c4f87b23b46550196a86d5d0bfc003527b1fae5dfd51204a38b86504bdece384
SSDEEP

3072:2b/YUuQaS+T8sBkGncdNujNhOYhbxqH7QWEzCrAZuYil:qYUuQaS+T8sBkGncYNVbgW

Score

10^/10

toxiceye

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot6614924384:AAFfRfKSXv_nYZghPcfGxWb5r0pZZqztlKU/sendMessage?chat_id=5006597517

Signatures

Toxiceye family
toxiceye

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6538369d45139f5c9e24a65b13fbd090_NEIKI

Files

6538369d45139f5c9e24a65b13fbd090_NEIKI
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Даня\OneDrive\Desktop\Новая папка\TelegramRAT\TelegramRAT\obj\Release\TelegramRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ