toxiceye | TelegramRAT[.]exe | Triage

Sharing

General

Target

TelegramRAT.exe
Size

111KB
MD5

48956d16278bdeb1f20efa2100a48f77
SHA1

24d9416bf14e6a0d8a9b4970e427adf2bfc8198f
SHA256

214cd570dd081fdde7641308a69ec11f27359e77251e6f21560065336c5b1760
SHA512

0f809d1b3d0495d7247dc150f51a4633652f1aa942983796b0ba785216e334089c1af03e82e16267dad9052ccb576b09dfdd63dee01d834385819f3e7ffcdc88
SSDEEP

3072:Fb5EHVelXr0ZxjQbxqHUVQWJzCrAZuhNdfm9jAbh0:PEHVelbAUbU0D

Score

10^/10

toxiceye

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7803199494:AAF60TOiu94ys8A9DeptAR86ERQjmvZMxEo/sendMessage?chat_id=1687153050

Signatures

Toxiceye family
toxiceye

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TelegramRAT.exe

Files

TelegramRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Karos\Desktop\ToxicEye\TelegramRAT\obj\Release\TelegramRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ