Overview

overview

10

Static

static

10

TelegramRAT.exe

windows10-ltsc 2021-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TelegramRAT.exe

  • Size

    119KB

  • Sample

    250105-qv5vpaxphk

  • MD5

    6bb2ac8cb9f84678bdfba1a061d53421

  • SHA1

    f5b8388a153d28b7d3434d16b07e557ca08e0132

  • SHA256

    2a29eb506737661d820f87409e83732a8b4a4e66fae7af2cb9776f0c34428054

  • SHA512

    2e18c23e4ba26fe318fb52187102863c5cc1e9f415a96578ea7ef68686f2061a78cd39488dbce5008c2d7e854baa8c46783388d81453b28bf65d580598e9a755

  • SSDEEP

    3072:OOfRzlXCwwFwOwWAmm+G/bxqH8QWqzCrAZuuWN:Or1SWHe/bgR

Score
10/10
toxiceyediscoveryrattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7742822790:AAHkizf3bilCkIqp8NNVcbWObKSVKo8Xifo/sendMessage?chat_id=7053620590

Targets

    • Target

      TelegramRAT.exe

    • Size

      119KB

    • MD5

      6bb2ac8cb9f84678bdfba1a061d53421

    • SHA1

      f5b8388a153d28b7d3434d16b07e557ca08e0132

    • SHA256

      2a29eb506737661d820f87409e83732a8b4a4e66fae7af2cb9776f0c34428054

    • SHA512

      2e18c23e4ba26fe318fb52187102863c5cc1e9f415a96578ea7ef68686f2061a78cd39488dbce5008c2d7e854baa8c46783388d81453b28bf65d580598e9a755

    • SSDEEP

      3072:OOfRzlXCwwFwOwWAmm+G/bxqH8QWqzCrAZuuWN:Or1SWHe/bgR

    Score
    10/10
    toxiceyediscoveryrattrojan

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Toxiceye family

      toxiceye

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks