Overview

overview

10

Static

static

10

TelegramRAT.exe

windows10-ltsc 2021-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TelegramRAT.exe

  • Size

    119KB

  • Sample

    250105-pj4mtatnhz

  • MD5

    47436ad8508cbdbede6535db163766bc

  • SHA1

    c6c6f8eb7dac9f294da1547e30c320a7d316bf52

  • SHA256

    43eca90ecc5958fd358a9240f31b1811ad2d01c6db10397cfd88e445ff8be5e0

  • SHA512

    255a5618cf57a4930e08e02628bef7533289e2968fcf0d1db617447f7c04245978fc9d83c29247ffd9478a5428a3491a28458bcb2eb05efb0a4566ad43bf5a9c

  • SSDEEP

    3072:gAWfRzlXCwwFwOwWAmm+G/bxqH8QW8zCrAZu/tM1:gAD1SWHe/bg/p

Score
10/10
toxiceyediscoveryrattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7919388970:AAGC7fUBzVyMANzjN6bhRPjR0LNTw4C5Zlo/sendMessage?chat_id=8130842755

Targets

    • Target

      TelegramRAT.exe

    • Size

      119KB

    • MD5

      47436ad8508cbdbede6535db163766bc

    • SHA1

      c6c6f8eb7dac9f294da1547e30c320a7d316bf52

    • SHA256

      43eca90ecc5958fd358a9240f31b1811ad2d01c6db10397cfd88e445ff8be5e0

    • SHA512

      255a5618cf57a4930e08e02628bef7533289e2968fcf0d1db617447f7c04245978fc9d83c29247ffd9478a5428a3491a28458bcb2eb05efb0a4566ad43bf5a9c

    • SSDEEP

      3072:gAWfRzlXCwwFwOwWAmm+G/bxqH8QW8zCrAZu/tM1:gAD1SWHe/bg/p

    Score
    10/10
    toxiceyediscoveryrattrojan

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Toxiceye family

      toxiceye

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks