toxiceye | 3181d1dd7eca8b6f8998ddbff6379ef5d8ece3e7a60d5838f4d099d4524b03e1 | Triage

Submit
Reports

Overview

overview

Static

static

3

3181d1dd7e...e1.exe

windows7-x64

3181d1dd7e...e1.exe

windows10-2004-x64

Sharing

General

Target

3181d1dd7eca8b6f8998ddbff6379ef5d8ece3e7a60d5838f4d099d4524b03e1
Size

584KB
Sample

241205-lwd15svngq
MD5

001ed9b78e44a5545679286e3872ebc4
SHA1

11a7fa8453ec8a594200b66d889aaf3d3f6a132a
SHA256

3181d1dd7eca8b6f8998ddbff6379ef5d8ece3e7a60d5838f4d099d4524b03e1
SHA512

68ed219c2660d2a2904e2f7c69f378eeac657e11d9d57345de3f0c025ccd03a77a0e66bb095849e17ef9f7abc7a8b6f83822789e12cb02c9e38d0adc969eb84c
SSDEEP

12288:NY4Sjc5JLsNiN5pa3pnISrX+t4eLMd18Sb1sDkwtkn4nQp6WIoD:NJAc79zpaZnISdeLa8Sb1AA4neDD

Score

10^/10

toxiceye discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3181d1dd7eca8b6f8998ddbff6379ef5d8ece3e7a60d5838f4d099d4524b03e1.exe

Resource

win7-20240903-en

toxiceye discovery rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

3181d1dd7eca8b6f8998ddbff6379ef5d8ece3e7a60d5838f4d099d4524b03e1.exe

Resource

win10v2004-20241007-en

toxiceye discovery rat trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot6614924384:AAFfRfKSXv_nYZghPcfGxWb5r0pZZqztlKU/sendMessage?chat_id=5006597517

Targets

- Target
  
  3181d1dd7eca8b6f8998ddbff6379ef5d8ece3e7a60d5838f4d099d4524b03e1
- Size
  
  584KB
- MD5
  
  001ed9b78e44a5545679286e3872ebc4
- SHA1
  
  11a7fa8453ec8a594200b66d889aaf3d3f6a132a
- SHA256
  
  3181d1dd7eca8b6f8998ddbff6379ef5d8ece3e7a60d5838f4d099d4524b03e1
- SHA512
  
  68ed219c2660d2a2904e2f7c69f378eeac657e11d9d57345de3f0c025ccd03a77a0e66bb095849e17ef9f7abc7a8b6f83822789e12cb02c9e38d0adc969eb84c
- SSDEEP
  
  12288:NY4Sjc5JLsNiN5pa3pnISrX+t4eLMd18Sb1sDkwtkn4nQp6WIoD:NJAc79zpaZnISdeLa8Sb1AA4neDD
Score

10^/10

toxiceye discovery rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Toxiceye family
  toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyediscoveryrattrojan

behavioral2

toxiceyediscoveryrattrojan

© 2018-2024

Terms | Privacy