toxiceye | 5388046d3857b4c97d326ab5a964b126d1f43e9db4703d6218de4871a6b02a09 | Triage

Sharing

General

Target

5388046d3857b4c97d326ab5a964b126d1f43e9db4703d6218de4871a6b02a09
Size

111KB
Sample

240809-1bb4dazdmp
MD5

af988c40298a29b6f7dba1226ff31d5b
SHA1

5f5d11205529b7996d2cbf0f62c9dbe57175eef2
SHA256

5388046d3857b4c97d326ab5a964b126d1f43e9db4703d6218de4871a6b02a09
SHA512

77eb82d6e687f8e8d136b57cd3083a1d39ed8d9ef62a55c3a6cebbb2d76e56974ddaf16078cadf5752fc08966571953910fed0d13a93da789a42d70f46547359
SSDEEP

1536:/+bZQAsnqLoM91qQIwxHxxxdyyKDWfibhDqI64QWBzCrAZusMED1:Gbbsnwo0RxxjQbxqH4QWBzCrAZusb1

Score

10^/10

toxiceye discovery rat trojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7472612732:AAHtYzrM3OPUmN3cHcXAWnGN1O1qCdwUvZU/sendMessage?chat_id=6749835329

Targets

- Target
  
  5388046d3857b4c97d326ab5a964b126d1f43e9db4703d6218de4871a6b02a09
- Size
  
  111KB
- MD5
  
  af988c40298a29b6f7dba1226ff31d5b
- SHA1
  
  5f5d11205529b7996d2cbf0f62c9dbe57175eef2
- SHA256
  
  5388046d3857b4c97d326ab5a964b126d1f43e9db4703d6218de4871a6b02a09
- SHA512
  
  77eb82d6e687f8e8d136b57cd3083a1d39ed8d9ef62a55c3a6cebbb2d76e56974ddaf16078cadf5752fc08966571953910fed0d13a93da789a42d70f46547359
- SSDEEP
  
  1536:/+bZQAsnqLoM91qQIwxHxxxdyyKDWfibhDqI64QWBzCrAZusMED1:Gbbsnwo0RxxjQbxqH4QWBzCrAZusb1
Score

10^/10

toxiceye discovery rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyediscoveryrattrojan

behavioral2

toxiceyediscoveryrattrojan