toxiceye | 0C1CU_TelegramRAT[.]exe | Triage

Sharing

General

Target

0C1CU_TelegramRAT.exe
Size

119KB
MD5

57ec698eadd8a43268b10ee599c5e2b3
SHA1

6bcc4f0da802feb01914faf33eb2c32aafdbf707
SHA256

31312ebd622e3183979c4881b32bf5a9cb33c45b9216cac1dd33af4d12da77be
SHA512

b19a4a45003592c9b3b4fdc1ee65461f459f8e41c759571ae0b3925be716b353620a9f1e1fe59fc49901a28aead8d5ed56bac4d5ff1fa123b29046f3a44cd8a6
SSDEEP

3072:+nKxltkwILOo2qmm+G/bxqHhQWqzCrAZuu7Y:Zti2xe/bge

Score

10^/10

toxiceye

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7742822790:AAHkizf3bilCkIqp8NNVcbWObKSVKo8Xifo/sendMessage?chat_id=7053620590

Signatures

Toxiceye family
toxiceye

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0C1CU_TelegramRAT.exe

Files

0C1CU_TelegramRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\PC\Downloads\ToxicEye (RAT + STEALER + CLIPPER)\ToxicEye (RAT + STEALER + CLIPPER)\ToxicEye\TelegramRAT\obj\Debug\TelegramRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ