toxiceye | GPT4ALL[.]exe | Triage

Sharing

General

Target

GPT4ALL.exe
Size

111KB
MD5

c82f0edecbf1280b75b0bbd04b030f19
SHA1

6cd8cf4e48103e92f48951428bfb594aea0e313b
SHA256

d5210ceacbac1b615fc7286df0435b5fb0562ee8cf90e4f8242c544ea906e43b
SHA512

1583eefc55fbe37a810cffe31f957f299091ecf8e7b293f150f473318daec3f085a015ef8b37022f7c5f80093abe0076f7d6566b23b96a7e5fde2394d3d5f4db
SSDEEP

3072:ZbKoYUuQaS+T8s14NEn05vYvjNhOYhbxqHRQWtzCrAZu9d2:zYUuQaS+T8s14NEn0RyNVbgz

Score

10^/10

toxiceye

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot6874514158:AAF3aMojFRhYPPKLlQHDrhjxEaY4YfxO8Og/sendMessage?chat_id=6875765187

Signatures

Toxiceye family
toxiceye

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
GPT4ALL.exe

Files

GPT4ALL.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\anast\Desktop\ToxicEye-master\ToxicEye-master\TelegramRAT\TelegramRAT\obj\Release\TelegramRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ