toxiceye | 5822af7d64cbd61712360d830cb53a45b37cb1c598b2b3d8d2fd4d3d2a035fe6 | Triage

Sharing

General

Target

70fa898950f942fa7d9ff085fa8dcd66_JaffaCakes118
Size

4.4MB
Sample

241023-1qkn3atanr
MD5

70fa898950f942fa7d9ff085fa8dcd66
SHA1

ea4cfdcf8f577c4955e17b6581886471d295fbc6
SHA256

5822af7d64cbd61712360d830cb53a45b37cb1c598b2b3d8d2fd4d3d2a035fe6
SHA512

70fac8d7611fc4d4e4d3a1c89774c40e860eb6348d892947ed5fdc5271e1c5dafecf5ee8cff671953d675179c211ac828dc4c73fa7fc6852130470abe6eb1986
SSDEEP

98304:GXykAvAZGuDkMKYqb+PVW95rELKwaalIBLMruHlrXEG++koSafOX:GyHKkMKYWqs5rELKEIBc6z++kFafy

Score

10^/10

toxiceye discovery persistence pyinstaller rat trojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot1929200100:AAFApHmZ6GD9WbEolE1gi0bnOTW4ipj-SSA/sendMessage?chat_id=1917426247

Targets

- Target
  
  70fa898950f942fa7d9ff085fa8dcd66_JaffaCakes118
- Size
  
  4.4MB
- MD5
  
  70fa898950f942fa7d9ff085fa8dcd66
- SHA1
  
  ea4cfdcf8f577c4955e17b6581886471d295fbc6
- SHA256
  
  5822af7d64cbd61712360d830cb53a45b37cb1c598b2b3d8d2fd4d3d2a035fe6
- SHA512
  
  70fac8d7611fc4d4e4d3a1c89774c40e860eb6348d892947ed5fdc5271e1c5dafecf5ee8cff671953d675179c211ac828dc4c73fa7fc6852130470abe6eb1986
- SSDEEP
  
  98304:GXykAvAZGuDkMKYqb+PVW95rELKwaalIBLMruHlrXEG++koSafOX:GyHKkMKYWqs5rELKEIBc6z++kFafy
Score

10^/10

toxiceye discovery persistence pyinstaller rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyediscoverypersistencepyinstallerrattrojan

behavioral2

toxiceyediscoverypersistencepyinstallerrattrojan