Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://example.com

windows10-1703-x64

10

Resubmissions

16-07-2024 00:52

240716-a7538axekq 10

16-07-2024 00:38

240716-azbjmszcpe 10

16-07-2024 00:24

240716-aqbs2syhpd 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://example.com

  • Sample

    240716-aqbs2syhpd

Score
10/10
toxiceyeagilenetpersistencerattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot5536756167:AAFMcQrFbMZMBynbrtZUudaOT9ndCJXIqT4/sendMessage?chat_id=2024893777

Targets

    • Target

      http://example.com

    Score
    10/10
    toxiceyeagilenetpersistencerattrojan

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks