toxiceye | aa85fb55d123c655e9e54517a21660085cc6518626d1a2e484f67d28c3f828a1 | Triage

Submit
Reports

Overview

overview

Static

static

TelegramRAT.exe

windows7-x64

TelegramRAT.exe

windows10-2004-x64

Sharing

General

Target

TelegramRAT.exe
Size

119KB
Sample

250105-qrc1haxnhm
MD5

39961917429b1031a294302cc7a40b0e
SHA1

529b27132bbc146fbdcb1d1c8ad9207b5cd1c2d2
SHA256

aa85fb55d123c655e9e54517a21660085cc6518626d1a2e484f67d28c3f828a1
SHA512

754d6a5fd1382b34891fbd0bcc5e2108023eb52cad9996cc8a332f4fb6251a3ba508767b074de0481b0b9a2ac68fe0605d98934dbfd7eaba5cbbc5a940550a46
SSDEEP

3072:CIfRzlXCwwFwOwWAmm+m/bxqH8QWqzCrAZuudL:CN1SWH+/bgR

Score

10^/10

toxiceye discovery rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TelegramRAT.exe

Resource

win7-20241010-en

toxiceye discovery rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

TelegramRAT.exe

Resource

win10v2004-20241007-en

toxiceye discovery rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7742822790:AAHkizf3bilCkIqp8NNVcbWObKSVKo8Xifo/sendMessage?chat_id=7053620590

Targets

- Target
  
  TelegramRAT.exe
- Size
  
  119KB
- MD5
  
  39961917429b1031a294302cc7a40b0e
- SHA1
  
  529b27132bbc146fbdcb1d1c8ad9207b5cd1c2d2
- SHA256
  
  aa85fb55d123c655e9e54517a21660085cc6518626d1a2e484f67d28c3f828a1
- SHA512
  
  754d6a5fd1382b34891fbd0bcc5e2108023eb52cad9996cc8a332f4fb6251a3ba508767b074de0481b0b9a2ac68fe0605d98934dbfd7eaba5cbbc5a940550a46
- SSDEEP
  
  3072:CIfRzlXCwwFwOwWAmm+m/bxqH8QWqzCrAZuudL:CN1SWH+/bgR
Score

10^/10

toxiceye discovery rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Toxiceye family
  toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyediscoveryrattrojan

behavioral2

toxiceyediscoveryrattrojan

© 2018-2025

Terms | Privacy