toxiceye | 276d53b6f343cffb4e81e6db87b30dce162b82dd2ed9aea49d754cdfba8e865a | Triage

Sharing

General

Target

Win-XwormRat-builder.exe
Size

928KB
Sample

240713-zer4bswepn
MD5

db9df61757cc712eb190955371d24937
SHA1

308155685a2bcc0369a63d1ac2c13c7293cedce7
SHA256

276d53b6f343cffb4e81e6db87b30dce162b82dd2ed9aea49d754cdfba8e865a
SHA512

cf2ab30da84cdee5988c52f08403a33d99f5565839959763aaa4b34745251cc32839e466e7c6c27f83145bc10b55e0f279a4165af58db28156f34aa2b44a921e
SSDEEP

12288:V8pICumxgLj3PSg+Gfqxk01P6RNGZS7yK8g3dviBOEBkCtip/y6Lr9vXjdkpgLMk:p1ixARrLl1/1q+

Score

10^/10

toxiceye rat trojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot5536756167:AAFMcQrFbMZMBynbrtZUudaOT9ndCJXIqT4/sendMessage?chat_id=2024893777

Targets

- Target
  
  Win-XwormRat-builder.exe
- Size
  
  928KB
- MD5
  
  db9df61757cc712eb190955371d24937
- SHA1
  
  308155685a2bcc0369a63d1ac2c13c7293cedce7
- SHA256
  
  276d53b6f343cffb4e81e6db87b30dce162b82dd2ed9aea49d754cdfba8e865a
- SHA512
  
  cf2ab30da84cdee5988c52f08403a33d99f5565839959763aaa4b34745251cc32839e466e7c6c27f83145bc10b55e0f279a4165af58db28156f34aa2b44a921e
- SSDEEP
  
  12288:V8pICumxgLj3PSg+Gfqxk01P6RNGZS7yK8g3dviBOEBkCtip/y6Lr9vXjdkpgLMk:p1ixARrLl1/1q+
Score

10^/10

toxiceye rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyerattrojan

behavioral2

toxiceyerattrojan