toxiceye | TelegramRAT[.]exe | Triage

Sharing

General

Target

TelegramRAT.exe
Size

111KB
MD5

025bf19e446008b4c106c0a7902d0642
SHA1

adfd46ffc2ed0d222300a14b44a3dc12501afc2d
SHA256

57fc2aa26b8201492d155bf05feb116cd0dc014731b62c3037c6fbfcd9f164f0
SHA512

ba105aad1638dbee0dd055a2fe558dba7da6c8561644fb4d4e2446d72b01f55eaaf61c024010b430fb0d76ebf89363217e329e366831a340944848f7498625fe
SSDEEP

1536:s+beLszyDM91qQIw5dxZxdyyKDWfCbhDqI6jQWCzCrAZuWXWDz:DbeLs2D8LZxjQbxqHjQWCzCrAZuW6z

Score

10^/10

toxiceye

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7514641915:AAFzogNbQamJYUwX_0HIALzpEmh0fhPZ-6o/sendMessage?chat_id=4545912113

Signatures

Toxiceye family
toxiceye

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
TelegramRAT.exe

Files

TelegramRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Anonymous\Desktop\TelegramRAT\TelegramRAT\obj\Release\TelegramRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ