toxiceye | TelegramRAT[.]exe | Triage

Sharing

General

Target

TelegramRAT.exe
Size

111KB
MD5

11ba79cad619fc51404eeeb0b2d63ef2
SHA1

18646eff9e87752ad26ce6e892e0d321c1f53f5f
SHA256

f1213ec3e74b0caf498b82acdbc5f91fbb673dd46ae225c567124e99d50dbbcf
SHA512

67f6bda4940bc6f213c6a2e4f1a4d2acabbe54367a8461a3965974164572d765ffc9bdb61e3bf50a863534f4128217b7d4b36d5fcfdaf3d1a76b03fa30c5263c
SSDEEP

1536:4+bCgwZPjcM91qQIwIe34xZxdyyKDWfebhDqI6SQWszCrAZuPuQDB:vbOZrc4+Zxj8bxqHSQWszCrAZuPxB

Score

10^/10

toxiceye

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7959969979:AAEr4ozTFsouJo3NkYoeF5c42CXlMwxFtNU/sendMessage?chat_id=6570905319

Signatures

Toxiceye family
toxiceye

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TelegramRAT.exe

Files

TelegramRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\fun\FUN FUN\Hxl Tools\malware tools good rn\telegram bot stealer\TelegramRAT\TelegramRAT\obj\Release\TelegramRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ