toxiceye | 31312ebd622e3183979c4881b32bf5a9cb33c45b9216cac1dd33af4d12da77be | Triage

Submit
Reports

Overview

overview

Static

static

0C1CU_TelegramRAT.exe

windows7-x64

0C1CU_TelegramRAT.exe

windows10-2004-x64

Sharing

General

Target

0C1CU_TelegramRAT.exe
Size

119KB
Sample

250105-qylafsxqel
MD5

57ec698eadd8a43268b10ee599c5e2b3
SHA1

6bcc4f0da802feb01914faf33eb2c32aafdbf707
SHA256

31312ebd622e3183979c4881b32bf5a9cb33c45b9216cac1dd33af4d12da77be
SHA512

b19a4a45003592c9b3b4fdc1ee65461f459f8e41c759571ae0b3925be716b353620a9f1e1fe59fc49901a28aead8d5ed56bac4d5ff1fa123b29046f3a44cd8a6
SSDEEP

3072:+nKxltkwILOo2qmm+G/bxqHhQWqzCrAZuu7Y:Zti2xe/bge

Score

10^/10

toxiceye discovery rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0C1CU_TelegramRAT.exe

Resource

win7-20240903-en

toxiceye discovery rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

0C1CU_TelegramRAT.exe

Resource

win10v2004-20241007-en

toxiceye discovery rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7742822790:AAHkizf3bilCkIqp8NNVcbWObKSVKo8Xifo/sendMessage?chat_id=7053620590

Targets

- Target
  
  0C1CU_TelegramRAT.exe
- Size
  
  119KB
- MD5
  
  57ec698eadd8a43268b10ee599c5e2b3
- SHA1
  
  6bcc4f0da802feb01914faf33eb2c32aafdbf707
- SHA256
  
  31312ebd622e3183979c4881b32bf5a9cb33c45b9216cac1dd33af4d12da77be
- SHA512
  
  b19a4a45003592c9b3b4fdc1ee65461f459f8e41c759571ae0b3925be716b353620a9f1e1fe59fc49901a28aead8d5ed56bac4d5ff1fa123b29046f3a44cd8a6
- SSDEEP
  
  3072:+nKxltkwILOo2qmm+G/bxqHhQWqzCrAZuu7Y:Zti2xe/bge
Score

10^/10

toxiceye discovery rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Toxiceye family
  toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyediscoveryrattrojan

behavioral2

toxiceyediscoveryrattrojan

© 2018-2025

Terms | Privacy