toxiceye | 99a161958aa54105ca4da8beaa81349916e6f8be606cfa3330e6bfd2cabf0d59 | Triage

Submit
Reports

Overview

overview

Static

static

NursultanCrack.exe

windows7-x64

NursultanCrack.exe

windows10-2004-x64

Sharing

General

Target

NursultanCrack.exe
Size

316KB
Sample

240719-lt1r5aybka
MD5

606f0b6807bd48c75df315455cdf3115
SHA1

386abb6a3af6d758c31622d333b1dd40111d576c
SHA256

99a161958aa54105ca4da8beaa81349916e6f8be606cfa3330e6bfd2cabf0d59
SHA512

8ee4a172934e79d0e670674c1e39a41d2e7eb7c30295f26aef6a6318be7764acb8e66107d4bfb6de080cf7d2cee5d4806974f4575f7a56305db5bd7c6197b249
SSDEEP

3072:3bGb9aUEDppbpYHDQWgzCrAZuRDTXJtFg3MZfZpxy4MfY9d1ZOeyDqL+WeCCOOSr:Kb9apnb+ifOx7y41keymL+WeCCOOSS

Score

10^/10

toxiceye rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NursultanCrack.exe

Resource

win7-20240705-en

toxiceye rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

NursultanCrack.exe

Resource

win10v2004-20240709-en

toxiceye rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7323288274:AAG3J41fmlCLnpBQrpmptPYElp52emNgHNU/sendMessage?chat_id=6002437029

Targets

- Target
  
  NursultanCrack.exe
- Size
  
  316KB
- MD5
  
  606f0b6807bd48c75df315455cdf3115
- SHA1
  
  386abb6a3af6d758c31622d333b1dd40111d576c
- SHA256
  
  99a161958aa54105ca4da8beaa81349916e6f8be606cfa3330e6bfd2cabf0d59
- SHA512
  
  8ee4a172934e79d0e670674c1e39a41d2e7eb7c30295f26aef6a6318be7764acb8e66107d4bfb6de080cf7d2cee5d4806974f4575f7a56305db5bd7c6197b249
- SSDEEP
  
  3072:3bGb9aUEDppbpYHDQWgzCrAZuRDTXJtFg3MZfZpxy4MfY9d1ZOeyDqL+WeCCOOSr:Kb9apnb+ifOx7y41keymL+WeCCOOSS
Score

10^/10

toxiceye rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyerattrojan

behavioral2

toxiceyerattrojan

© 2018-2024

Terms | Privacy