General

  • Target

    TelegramRAT.exe

  • Size

    111KB

  • Sample

    240816-2gstravdkr

  • MD5

    86de4e40528fd099ae01872b6af837cf

  • SHA1

    c616d8e3dc5643a15127dce69a327ce37a6b8ab8

  • SHA256

    7485b221926010f27cda7f15f35a5c465558eb8c20b4fc37053850ed2b4a211a

  • SHA512

    e9912f89c17ff6e7cd897d3256a2a4cd097090dcfee2a8dd85d98de0e618513efe8d3508cca5cbeb2711f27b4602c22cadd25f8eb1b417e7244da54a5db3a4c5

  • SSDEEP

    1536:Y+bxQAsnqLoM91qQIwxHxZxdyyKDWfCbhDqI64QWEzCrAZuhn7Dr:PbTsnwo0RZxjQbxqH4QWEzCrAZuh/r

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7302074945:AAGKx5TnjPyRM_fqN4XQLd4uz-PUp4nl8w4/sendMessage?chat_id=6414125020
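The C2 above is not a server the operator runs but a Telegram Bot API endpoint: the digits between "bot" and the colon are the bot's numeric Telegram user ID, the string after the colon is the bot's secret token, and chat_id names the operator's chat. That token is a credential and should be redacted before the URL is pasted into tickets or shared reports. The script below is an added example and is not code from the sandbox report or from the malware: it parses Bot API URLs into bot ID, method, chat_id and a redacted token, then runs that parser over a few constructed proxy log lines of the form "<timestamp> <host> <verb> <url>" (an assumed format, not one the report describes) and groups hosts by bot ID so that every machine talking to the same bot can be tied to one operator.

```python
"""Extract Telegram Bot API C2 indicators from a URL or from proxy log lines.

Added example for the ToxicEye config on this page; it is not code from the
sandbox report or from the malware. The proxy log lines are constructed.
"""
import re
from urllib.parse import parse_qs

# Bot API URL shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>?<query>
# The digits before the colon are the bot's Telegram user ID; the part after it
# is the secret that authorises calls on the bot's behalf, so treat it as a credential.
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)"
    r"/(?P<method>[A-Za-z]+)(?P<query>\?[^\s\"']*)?"
)


def parse_telegram_c2(text):
    """Return bot ID, API method, chat_id and a redacted token for the first
    Bot API URL found in `text`, or None if there is none."""
    m = TELEGRAM_BOT_URL.search(text)
    if m is None:
        return None
    query = parse_qs((m.group("query") or "?")[1:])
    secret = m.group("secret")
    return {
        "bot_id": m.group("bot_id"),
        "method": m.group("method"),
        # chat_id identifies the operator's chat; it is only present on some methods
        "chat_id": query.get("chat_id", [None])[0],
        # keep enough of the secret to match across reports without disclosing it
        "token_redacted": f"{m.group('bot_id')}:{secret[:4]}...{secret[-4:]}",
        "url": m.group(0),
    }


# Constructed proxy log lines (assumed format "<ts> <host> <verb> <url>"):
# line 1 is the C2 from this report, line 3 a bot poll from a second host,
# lines 2 and 4 are benign traffic that must not match.
SAMPLE_PROXY_LOG = [
    "2024-08-16T12:01:03Z ws-042 POST https://api.telegram.org/bot7302074945:AAGKx5TnjPyRM_fqN4XQLd4uz-PUp4nl8w4/sendMessage?chat_id=6414125020",
    "2024-08-16T12:01:05Z ws-042 GET https://www.microsoft.com/en-us/",
    "2024-08-16T12:02:11Z ws-017 GET https://api.telegram.org/bot7302074945:AAGKx5TnjPyRM_fqN4XQLd4uz-PUp4nl8w4/getUpdates",
    "2024-08-16T12:03:40Z ws-099 GET https://t.me/somechannel",
]


def scan_proxy_log(lines):
    """Return one hit per log line that calls the Telegram Bot API,
    annotated with the line number, timestamp and source host."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        info = parse_telegram_c2(line)
        if info is None:
            continue
        fields = line.split()
        info.update({"line": lineno, "ts": fields[0], "host": fields[1]})
        hits.append(info)
    return hits


def hosts_per_bot(hits):
    """Group hits by bot ID: hosts talking to the same bot share an operator."""
    groups = {}
    for h in hits:
        groups.setdefault(h["bot_id"], set()).add(h["host"])
    return groups


if __name__ == "__main__":
    hits = scan_proxy_log(SAMPLE_PROXY_LOG)
    for hit in hits:
        print(f"line {hit['line']}: {hit['host']} -> bot {hit['bot_id']} "
              f"{hit['method']} chat_id={hit['chat_id']} token={hit['token_redacted']}")
    print(hosts_per_bot(hits))
```

Telegram's own desktop and mobile clients speak MTProto to Telegram's data centres and do not call api.telegram.org/bot..., so Bot API requests leaving a workstation are a strong signal on their own; the caveat is that in-house automation (alerting scripts, chat notifications) also uses the Bot API, so allowlist known bot IDs rather than the whole domain. Matching on bot ID rather than the full token also survives the operator rotating the secret.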

Targets

    • Target

      TelegramRAT.exe

    • Size

      111KB

    • MD5

      86de4e40528fd099ae01872b6af837cf

    • SHA1

      c616d8e3dc5643a15127dce69a327ce37a6b8ab8

    • SHA256

      7485b221926010f27cda7f15f35a5c465558eb8c20b4fc37053850ed2b4a211a

    • SHA512

      e9912f89c17ff6e7cd897d3256a2a4cd097090dcfee2a8dd85d98de0e618513efe8d3508cca5cbeb2711f27b4602c22cadd25f8eb1b417e7244da54a5db3a4c5

    • SSDEEP

      1536:Y+bxQAsnqLoM91qQIwxHxZxdyyKDWfCbhDqI64QWEzCrAZuhn7Dr:PbTsnwo0RZxjQbxqH4QWEzCrAZuh/r

    • ToxicEye

      ToxicEye is a trojan written in C# that uses the Telegram Bot API as its command-and-control channel, as the extracted C2 above shows.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the sample runs on this machine.

    • Deletes itself

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15