toxiceye | 20761421214[.]zip | Triage

Sharing

General

Target

20761421214.zip
Size

48KB
MD5

bcafb3c3ca7ca6279d4e52d6eb8a963c
SHA1

4f4b247e1347ef1f38fce4e3ad1a6dc6dbd1bbe2
SHA256

8c9ef5ff2437ecf95baf72cee8b6985d5120b10ded71a0796bcc5d53256b0c3b
SHA512

bf389329889765da53ce37de8d56ec2ba269348d993fb4f0073ca94eccd1c012b70b028edf06b5400284a270add55b3738ea8489859359a67a2ab0cf81aabee7
SSDEEP

1536:mZIkS+zUsIZPgT4smigGA5uTvKUetediPrdH5pq:mikbTI9XHYC4dixH50

Score

10^/10

toxiceye

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7911729112:AAEuTZHylBR8xvMwBBJkAhqei5-2oRO4_Xc/sendMessage?chat_id=5648840512

Signatures

Toxiceye family
toxiceye

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/37b140b412b4b35dd1569ec67fb624be586bc4ed0b18999584ce91dd0872e4c0

Files

20761421214.zip
.zip

Password: infected
37b140b412b4b35dd1569ec67fb624be586bc4ed0b18999584ce91dd0872e4c0
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Silly\OneDrive\Escritorio\ToxicEye-master\TelegramRAT\TelegramRAT\obj\Release\TelegramRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ