C:\Users\devba\Downloads\ToxicEye-master\TelegramRAT\TelegramRAT\obj\Release\TelegramRAT.pdb
Behavioral task
behavioral1
Sample
TelegramRAT.exe
Resource
win7-20240704-en
General
-
Target
TelegramRAT.exe
-
Size
111KB
-
MD5
86de4e40528fd099ae01872b6af837cf
-
SHA1
c616d8e3dc5643a15127dce69a327ce37a6b8ab8
-
SHA256
7485b221926010f27cda7f15f35a5c465558eb8c20b4fc37053850ed2b4a211a
-
SHA512
e9912f89c17ff6e7cd897d3256a2a4cd097090dcfee2a8dd85d98de0e618513efe8d3508cca5cbeb2711f27b4602c22cadd25f8eb1b417e7244da54a5db3a4c5
-
SSDEEP
1536:Y+bxQAsnqLoM91qQIwxHxZxdyyKDWfCbhDqI64QWEzCrAZuhn7Dr:PbTsnwo0RZxjQbxqH4QWEzCrAZuh/r
Malware Config
Extracted
toxiceye
https://api.telegram.org/bot7302074945:AAGKx5TnjPyRM_fqN4XQLd4uz-PUp4nl8w4/sendMessage?chat_id=6414125020
Signatures
-
Toxiceye family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource TelegramRAT.exe
Files
-
TelegramRAT.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ