Overview

overview

10

Static

static

10

BootstrapperV1.16.exe

windows7-x64

10

BootstrapperV1.16.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BootstrapperV1.16.exe.exe

  • Size

    381KB

  • Sample

    240816-31myaavepg

  • MD5

    12d943d0d655d4d54b91d175c3e46e02

  • SHA1

    9b115a4874f3da04e29315e09e50a2d61b826de8

  • SHA256

    9d6024dfb9f60054eb1316eb33bf8cbc5c802d9e477a9603db5e1ed585e556f8

  • SHA512

    1746222789c3f480f9364f3dd654f41be5ed3d520a58f5cd69e0cd08a8d59b81a796c6ac3e6603db493f3d5a48bc748280e19cfd48f4925f7fc38b16b9e38640

  • SSDEEP

    6144:mSncRleSncRlFSncRl0snwou0bUrCsnwou0bUr:r4p4O4Dnwou5vnwou5

Score
10/10
toxiceyediscoveryrattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7302074945:AAGKx5TnjPyRM_fqN4XQLd4uz-PUp4nl8w4/sendMessage?chat_id=6414125020

Targets

    • Target

      BootstrapperV1.16.exe.exe

    • Size

      381KB

    • MD5

      12d943d0d655d4d54b91d175c3e46e02

    • SHA1

      9b115a4874f3da04e29315e09e50a2d61b826de8

    • SHA256

      9d6024dfb9f60054eb1316eb33bf8cbc5c802d9e477a9603db5e1ed585e556f8

    • SHA512

      1746222789c3f480f9364f3dd654f41be5ed3d520a58f5cd69e0cd08a8d59b81a796c6ac3e6603db493f3d5a48bc748280e19cfd48f4925f7fc38b16b9e38640

    • SSDEEP

      6144:mSncRleSncRlFSncRl0snwou0bUrCsnwou0bUr:r4p4O4Dnwou5vnwou5

    Score
    10/10
    toxiceyediscoveryrattrojan

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks