Overview

overview

10

Static

static

10

TelegramRAT.exe

windows7-x64

10

TelegramRAT.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TelegramRAT.exe

  • Size

    111KB

  • Sample

    250106-yj6lvaxrak

  • MD5

    11ba79cad619fc51404eeeb0b2d63ef2

  • SHA1

    18646eff9e87752ad26ce6e892e0d321c1f53f5f

  • SHA256

    f1213ec3e74b0caf498b82acdbc5f91fbb673dd46ae225c567124e99d50dbbcf

  • SHA512

    67f6bda4940bc6f213c6a2e4f1a4d2acabbe54367a8461a3965974164572d765ffc9bdb61e3bf50a863534f4128217b7d4b36d5fcfdaf3d1a76b03fa30c5263c

  • SSDEEP

    1536:4+bCgwZPjcM91qQIwIe34xZxdyyKDWfebhDqI6SQWszCrAZuPuQDB:vbOZrc4+Zxj8bxqHSQWszCrAZuPxB

Score
10/10
toxiceyediscoveryrattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7959969979:AAEr4ozTFsouJo3NkYoeF5c42CXlMwxFtNU/sendMessage?chat_id=6570905319

Targets

    • Target

      TelegramRAT.exe

    • Size

      111KB

    • MD5

      11ba79cad619fc51404eeeb0b2d63ef2

    • SHA1

      18646eff9e87752ad26ce6e892e0d321c1f53f5f

    • SHA256

      f1213ec3e74b0caf498b82acdbc5f91fbb673dd46ae225c567124e99d50dbbcf

    • SHA512

      67f6bda4940bc6f213c6a2e4f1a4d2acabbe54367a8461a3965974164572d765ffc9bdb61e3bf50a863534f4128217b7d4b36d5fcfdaf3d1a76b03fa30c5263c

    • SSDEEP

      1536:4+bCgwZPjcM91qQIwIe34xZxdyyKDWfebhDqI6SQWszCrAZuPuQDB:vbOZrc4+Zxj8bxqHSQWszCrAZuPxB

    Score
    10/10
    toxiceyediscoveryrattrojan

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Toxiceye family

      toxiceye

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks