toxiceye | 6e644b385d296b76bb3ba68ff006d6b86de763c8b5792e07053e20e3d8218d75 | Triage

Submit
Reports

Overview

overview

Static

static

TelegramRAT.exe

windows10-2004-x64

Sharing

General

Target

TelegramRAT.exe
Size

111KB
Sample

250108-xaj6taykcw
MD5

e3d580a17a351366392ec9e2af674524
SHA1

354e8f441c2fa510e1b3ecab222280649a7efb9a
SHA256

6e644b385d296b76bb3ba68ff006d6b86de763c8b5792e07053e20e3d8218d75
SHA512

a7e2726a2b28a39f6624f419ab9194b4c8e3d4c117e324c2719b3f944c5262cbc064df8989d34b984d8541767327d18381adf6678e4445dc8a49afe0a0824309
SSDEEP

1536:dn+bAQACiEXM91qQIwvL9x1Cc0Di4OybhDqI64QW6zCrAZuQPEDrL:sbaCHXELrJp6bxqH4QW6zCrAZuQwv

Score

10^/10

toxiceye bootkit discovery persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TelegramRAT.exe

Resource

win10v2004-20241007-en

toxiceye bootkit discovery persistence rat trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  TelegramRAT.exe
- Size
  
  111KB
- MD5
  
  e3d580a17a351366392ec9e2af674524
- SHA1
  
  354e8f441c2fa510e1b3ecab222280649a7efb9a
- SHA256
  
  6e644b385d296b76bb3ba68ff006d6b86de763c8b5792e07053e20e3d8218d75
- SHA512
  
  a7e2726a2b28a39f6624f419ab9194b4c8e3d4c117e324c2719b3f944c5262cbc064df8989d34b984d8541767327d18381adf6678e4445dc8a49afe0a0824309
- SSDEEP
  
  1536:dn+bAQACiEXM91qQIwvL9x1Cc0Di4OybhDqI64QW6zCrAZuQPEDrL:sbaCHXELrJp6bxqH4QW6zCrAZuQwv
Score

10^/10

toxiceye bootkit discovery persistence rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Toxiceye family
  toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Pre-OS Boot

Bootkit

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyebootkitdiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy