General

  • Target

    Release.exe

  • Size

    597KB

  • Sample

    241004-1rv67ayaqm

  • MD5

    606053f855e7969e596bfce116360cd4

  • SHA1

    78c4bf47fa78eca3a89d1061d21275836902d5c6

  • SHA256

    2d7d41e9ed34a165cd45ef6e9700c5d70d43cd3e9a2686389cd667bd5d2a30ef

  • SHA512

    85e40a1b11db1ef340e5c794315046e8db047963228f1780bc47356a8ff52e4c1beb72acbdd83709aca898ef7194f224d1b13e6bcca4efb28ec61d1df1d057f5

  • SSDEEP

    12288:yyveQB/fTHIGaPkKEYzURNAwbAgOT+t1R2RxoC/aHK09Tp:yuDXTIGaPhEYzUzA0bsWjT

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7370990677:AAFRG5SGghnaK_mDZqGyrOAkScygRIFkkzQ/sendMessage?chat_id=7315171848

Targets

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block-at-first-sight protection, and similar features.

    • ToxicEye

      ToxicEye is a trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks