toxiceye | XcHvYYrNa[.]exe | Triage

Resubmissions

18-05-2024 01:48

240518-b8ehbsee95 10

18-05-2024 01:47

240518-b7snkaee49 10

18-05-2024 01:40

240518-b3mlraec26 10

Sharing

General

Target

XcHvYYrNa.exe
Size

111KB
MD5

98e558eaea97f0b282b42fa6d49070b6
SHA1

2e48bb1b50177fe17392ac9407ba9f7e45685a3a
SHA256

d50d11636b59a11c81577342de7c72f694c99540311c2c3ffa53126e8cc394f1
SHA512

01dcd7a191ef331fe7626f760064e4368cd06c7a30374b74074d6dddf35683b443fb8c0677d1a7bfa88eac81f482dadf6788f343d9958fc9818be749ac7e9882
SSDEEP

1536:v+bDH/4gqLM91qQIwBI5xxxxdyyKDWfebhDqI68QWfzCrAZuYPwDr:Wb7/4jLSIFxxj8bxqH8QWfzCrAZuYUr

Score

10^/10

toxiceye

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot6444357834:AAGtL3te5_xl4dvacn8BJElHrky5SlLcE_4/sendMessage?chat_id=5563559839

Signatures

Toxiceye family
toxiceye
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

XcHvYYrNa.exe

Files

XcHvYYrNa.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\HexByte\Documents\Stealer\TelegramRAT\TelegramRAT\obj\Release\TelegramRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ