General

  • Target

    20761421214.zip

  • Size

    48KB

  • Sample

    250117-ms56wstnby

  • MD5

    bcafb3c3ca7ca6279d4e52d6eb8a963c

  • SHA1

    4f4b247e1347ef1f38fce4e3ad1a6dc6dbd1bbe2

  • SHA256

    8c9ef5ff2437ecf95baf72cee8b6985d5120b10ded71a0796bcc5d53256b0c3b

  • SHA512

    bf389329889765da53ce37de8d56ec2ba269348d993fb4f0073ca94eccd1c012b70b028edf06b5400284a270add55b3738ea8489859359a67a2ab0cf81aabee7

  • SSDEEP

    1536:mZIkS+zUsIZPgT4smigGA5uTvKUetediPrdH5pq:mikbTI9XHYC4dixH50

Malware Config

Extracted

  • Family

    toxiceye

  • C2

    https://api.telegram.org/bot7911729112:AAEuTZHylBR8xvMwBBJkAhqei5-2oRO4_Xc/sendMessage?chat_id=5648840512

Targets

    • Target

      37b140b412b4b35dd1569ec67fb624be586bc4ed0b18999584ce91dd0872e4c0

    • Size

      111KB

    • MD5

      98cd6339d0013464151fe4719924480e

    • SHA1

      6193255218effdef76de60ad5d98d76cca5c400f

    • SHA256

      37b140b412b4b35dd1569ec67fb624be586bc4ed0b18999584ce91dd0872e4c0

    • SHA512

      b06def8ffd3b2cac2c3beb3146f4306fbd9562a561cf62c26864db124a3a84499506b005344411597fe84b0291b7e2c0e1c45398cebd958d374e8fc45582b75d

    • SSDEEP

      3072:1bs2teAmbPICnM4bxqHaQ50ICrAZ5Y4I:HteAmbPIV4bg9

    • ToxicEye

      ToxicEye is a trojan written in C#.

    • Toxiceye family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks