C:\Users\HexByte\Documents\TelegramRAT\TelegramRAT\obj\Debug\Sh1zoRat.pdb
Behavioral task
behavioral1
Sample
5d0be378578617a2264e822d1b4424d71e8fa3e8dad60b30af614b173682880b.exe
Resource
win7-20231129-en
General
-
Target
5d0be378578617a2264e822d1b4424d71e8fa3e8dad60b30af614b173682880b
-
Size
119KB
-
MD5
f548ca220d471a524cb1c7d8ff613721
-
SHA1
3040c8945b16a58f44dd4f1ae5a7b0faf61b405e
-
SHA256
5d0be378578617a2264e822d1b4424d71e8fa3e8dad60b30af614b173682880b
-
SHA512
b1ea254c1ab6c3983cdb906f39403da5b342fed1836b14b4654a0e25dcae274edc517e30ec66fefbeb6f511b89e869a4d785098896bf55eac36108c79494c158
-
SSDEEP
3072:BKUpvwYGqOcW7gabRq15QWXzCrAZu8Gq:MIWMabAL
Malware Config
Extracted
toxiceye
https://api.telegram.org/bot6444357834:AAGtL3te5_xl4dvacn8BJElHrky5SlLcE_4/sendMessage?chat_id=5974265372
Signatures
-
Toxiceye family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 5d0be378578617a2264e822d1b4424d71e8fa3e8dad60b30af614b173682880b
Files
-
5d0be378578617a2264e822d1b4424d71e8fa3e8dad60b30af614b173682880b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ