toxiceye | a0ee800f44efdd76e8d5bba6d2d030147be21eff3219a3b7f569cda31ae39fa5 | Triage

Sharing

General

Target

TelegramRAT.bat
Size

410KB
Sample

250110-ljyvsasqbr
MD5

7dda2cf82f482b84c7163a373fd37fe2
SHA1

718684e97ea03e285a11536508701fc3d77f285c
SHA256

a0ee800f44efdd76e8d5bba6d2d030147be21eff3219a3b7f569cda31ae39fa5
SHA512

ed28b9794de7b5de60ec27039628bb19519905212ca563127bee3a45946241b270a3beb6b7a353334f7bf5ed6ebe6ea87a8c9afb922b467b5dd062013e30b48d
SSDEEP

12288:hyfWmMRYqsiadmvG5SFHN1+knBRz+icY9R:hyumpfikmvkSFHN1+kWhYr

Score

10^/10

toxiceye defense_evasion discovery execution rat trojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7803199494:AAF60TOiu94ys8A9DeptAR86ERQjmvZMxEo/sendMessage?chat_id=1687153050

Targets

- Target
  
  TelegramRAT.bat
- Size
  
  410KB
- MD5
  
  7dda2cf82f482b84c7163a373fd37fe2
- SHA1
  
  718684e97ea03e285a11536508701fc3d77f285c
- SHA256
  
  a0ee800f44efdd76e8d5bba6d2d030147be21eff3219a3b7f569cda31ae39fa5
- SHA512
  
  ed28b9794de7b5de60ec27039628bb19519905212ca563127bee3a45946241b270a3beb6b7a353334f7bf5ed6ebe6ea87a8c9afb922b467b5dd062013e30b48d
- SSDEEP
  
  12288:hyfWmMRYqsiadmvG5SFHN1+knBRz+icY9R:hyumpfikmvkSFHN1+kWhYr
Score

10^/10

execution toxiceye defense_evasion discovery rat trojan
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Toxiceye family
  toxiceye
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Indicator Removal

Clear Windows Event Logs

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

toxiceyedefense_evasiondiscoveryexecutionrattrojan