Overview

overview

10

Static

static

10

stub.exe

windows10-1703-x64

7

stub.exe

windows7-x64

7

svchost.exe

windows10-1703-x64

6

svchost.exe

windows7-x64

6

win-xworm-builder.exe

windows10-1703-x64

10

win-xworm-builder.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New folder.rar

  • Size

    1.2MB

  • Sample

    240915-v5pzfavgrq

  • MD5

    b8c49a1abea7ca865b15fceb68b96363

  • SHA1

    267f11de371d4cc673b9ae1b5f3503c498686504

  • SHA256

    82b64b77d0723388fbefd41fcd58010b2415748f60d5681c9ff8faca9cd791bd

  • SHA512

    096fb3263b5b796b2cf1e0ee85b46c8503092f40be52f3226ddfb5b927653a8fd68a7700a7a5ed04356577916f2e3148d988febff2ce1d04fb2393ef9ea0462d

  • SSDEEP

    24576:nRGhli39hUJDeDSvC38G25DeSAyNwpPt9xMmWBWdQKeZy/daID6rH4B+:nRGqPrcN4KmW8ReAawnA

Score
10/10
toxiceyediscoverypersistencerattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot5687152406:AAFin_LYFhJGLydMgYheeUDec-2orew51aM/sendMessage?chat_id=2024893777

Targets

    • Target

      stub.exe

    • Size

      632KB

    • MD5

      5c6e32d6dfb5bad80129574cc90a3461

    • SHA1

      1febedd13b1005d3f4a380de56e68cba0decb029

    • SHA256

      729602d72845112d02388d95f9edd929909531743d90045d86e519f38c83d77d

    • SHA512

      e979d993dadd18c97dcf3024b846eb8c5b8e78f8941a5dfe0a40d99286b198083e359b8e32cfe3848a1a88bbcfc2a3523de9434acc15d481cc8bbf4330ccdc6d

    • SSDEEP

      12288:zhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aBgSuq7:5RmJkcoQricOIQxiZY1iaqrq7

    Score
    7/10
    discovery

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      svchost.exe

    • Size

      1.1MB

    • MD5

      b712b99d538d008e8143133ac693ef51

    • SHA1

      cfc1258686f1a225d2135ed6c0732baf63ca669d

    • SHA256

      070d3e2a7c22c669354fbe8fe40f411f26b247c5077049f2b8e51d702ea0f730

    • SHA512

      f0a1f78761d334bf71ab19f862950541853a52191f2b5709a351094ca116929b46965c8d5c6b1b0a4a2ef0651407a37a8550d8d26254619f9f4f5352419bb72a

    • SSDEEP

      24576:0RmJkcoQricOIQxiZY1iaJPxDnQTaBCoBunYWb5LtIu:RJZoQrbTFZY1iaJPxD4XwQt9

    Score
    6/10
    discoverypersistence
    behavioral3behavioral4

    • Target

      win-xworm-builder.exe

    • Size

      793KB

    • MD5

      835d21dc5baa96f1ce1bf6b66d92d637

    • SHA1

      e0fb2a01a9859f0d2c983b3850c76f8512817e2d

    • SHA256

      e67f2b34ef647d59eb8ebd4a88f85dc072346ca5c275cba1ee2307b80a560319

    • SHA512

      747a9b6cde0207c722a62904a2c8708188f7c9e65e94cf55667e90096f1d1852e145061bd8e764bf30aaca0fb0f4355668feccc951041af735677c4c644aba87

    • SSDEEP

      24576:rcHV1ApBOr1sU6uEgjhlOCDw8mEFAuYg2OWpTMqBx+fdTmG2Y4MT9ffD+CzKcbm+:oApBOr1sU6uEgjhlOCDw8mEFAuYg2OWm

    Score
    10/10
    toxiceyediscoveryrattrojan

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Deletes itself

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks