Overview

overview

10

Static

static

10

TelegramRAT.exe

windows10-ltsc 2021-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TelegramRAT.exe

  • Size

    111KB

  • Sample

    250105-qwvfcavrgs

  • MD5

    43b7c93356db3b366d065d484d12cf0d

  • SHA1

    cbefe3ef152e12104c16cedc1de739086b37494d

  • SHA256

    aff7268f7d07ff44b8e5c331bf9b95db52c66b8490b7f9d8d5c2440b1f161801

  • SHA512

    b63d5a168d10bd0523c14d758127250e0208c3a0f95e4596224e3f5976016129d3203dbdda6b6c4a1f6678cb04fb27bc833c0efd1436b1ae1e7e2dfa203d4563

  • SSDEEP

    1536:C+bAQAsnqLoM91qQIwxHxZxdyyKDWfybhDqI64QWqzCrAZuucvDT:FbKsnwo0RZxjQbxqH4QWqzCrAZuu8T

Score
10/10
toxiceyediscoveryrattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7742822790:AAHkizf3bilCkIqp8NNVcbWObKSVKo8Xifo/sendMessage?chat_id=7053620590

Targets

    • Target

      TelegramRAT.exe

    • Size

      111KB

    • MD5

      43b7c93356db3b366d065d484d12cf0d

    • SHA1

      cbefe3ef152e12104c16cedc1de739086b37494d

    • SHA256

      aff7268f7d07ff44b8e5c331bf9b95db52c66b8490b7f9d8d5c2440b1f161801

    • SHA512

      b63d5a168d10bd0523c14d758127250e0208c3a0f95e4596224e3f5976016129d3203dbdda6b6c4a1f6678cb04fb27bc833c0efd1436b1ae1e7e2dfa203d4563

    • SSDEEP

      1536:C+bAQAsnqLoM91qQIwxHxZxdyyKDWfybhDqI64QWqzCrAZuucvDT:FbKsnwo0RZxjQbxqH4QWqzCrAZuu8T

    Score
    10/10
    toxiceyediscoveryrattrojan

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Toxiceye family

      toxiceye

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks