Overview

overview

10

Static

static

10

TelegramRAT.exe

windows7-x64

10

TelegramRAT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TelegramRAT.exe

  • Size

    111KB

  • Sample

    240718-qkmalatbqc

  • MD5

    3c6f5e7ca1f0279c860554b7b4dfaf5d

  • SHA1

    15c4baaa666353eb7dd5d28a76aead8bf14bc352

  • SHA256

    f7514a2e0e612b0b4211c4655fedc3a7052578f38f1bfe131e2213102c164e34

  • SHA512

    1c8ac972d4ef27ec0f80e850137a8f19c95c72b97f2dede9c4d0caf007709133a5f2e248f6f04bc6e30fbbea742b8f4ae66a4f3408ab0d00ca48c48865947b09

  • SSDEEP

    1536:l+b6QDWv5IDlOM91qQIwy3xZxdyyKDWfybhDqI6oQWVzCrAZuW5TDx:Ib2IpOLhZxjQbxqHoQWVzCrAZuWRx

Score
10/10
toxiceyerattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7074076538:AAGqOb5C3l0YTijTUMFzandCeulk-NFhSz0/sendMessage?chat_id=5623362319

Targets

    • Target

      TelegramRAT.exe

    • Size

      111KB

    • MD5

      3c6f5e7ca1f0279c860554b7b4dfaf5d

    • SHA1

      15c4baaa666353eb7dd5d28a76aead8bf14bc352

    • SHA256

      f7514a2e0e612b0b4211c4655fedc3a7052578f38f1bfe131e2213102c164e34

    • SHA512

      1c8ac972d4ef27ec0f80e850137a8f19c95c72b97f2dede9c4d0caf007709133a5f2e248f6f04bc6e30fbbea742b8f4ae66a4f3408ab0d00ca48c48865947b09

    • SSDEEP

      1536:l+b6QDWv5IDlOM91qQIwy3xZxdyyKDWfybhDqI6oQWVzCrAZuW5TDx:Ib2IpOLhZxjQbxqHoQWVzCrAZuWRx

    Score
    10/10
    toxiceyerattrojan

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks