toxiceye | a0ee800f44efdd76e8d5bba6d2d030147be21eff3219a3b7f569cda31ae39fa5 | Triage

Submit
Reports

Overview

overview

Static

static

1

TelegramRAT.bat

windows10-2004-x64

Sharing

General

Target

TelegramRAT.bat
Size

410KB
Sample

250110-lg3qyssper
MD5

7dda2cf82f482b84c7163a373fd37fe2
SHA1

718684e97ea03e285a11536508701fc3d77f285c
SHA256

a0ee800f44efdd76e8d5bba6d2d030147be21eff3219a3b7f569cda31ae39fa5
SHA512

ed28b9794de7b5de60ec27039628bb19519905212ca563127bee3a45946241b270a3beb6b7a353334f7bf5ed6ebe6ea87a8c9afb922b467b5dd062013e30b48d
SSDEEP

12288:hyfWmMRYqsiadmvG5SFHN1+knBRz+icY9R:hyumpfikmvkSFHN1+kWhYr

Score

10^/10

toxiceye discovery execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

TelegramRAT.bat

Resource

win10v2004-20241007-en

toxiceye discovery execution rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7803199494:AAF60TOiu94ys8A9DeptAR86ERQjmvZMxEo/sendMessage?chat_id=1687153050

Targets

- Target
  
  TelegramRAT.bat
- Size
  
  410KB
- MD5
  
  7dda2cf82f482b84c7163a373fd37fe2
- SHA1
  
  718684e97ea03e285a11536508701fc3d77f285c
- SHA256
  
  a0ee800f44efdd76e8d5bba6d2d030147be21eff3219a3b7f569cda31ae39fa5
- SHA512
  
  ed28b9794de7b5de60ec27039628bb19519905212ca563127bee3a45946241b270a3beb6b7a353334f7bf5ed6ebe6ea87a8c9afb922b467b5dd062013e30b48d
- SSDEEP
  
  12288:hyfWmMRYqsiadmvG5SFHN1+knBRz+icY9R:hyumpfikmvkSFHN1+kWhYr
Score

10^/10

toxiceye discovery execution rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Toxiceye family
  toxiceye
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

toxiceyediscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy