Overview

overview

10

Static

static

10

TelegramRAT.exe

windows7-x64

10

TelegramRAT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TelegramRAT.exe

  • Size

    111KB

  • Sample

    250225-zabwjsvkt4

  • MD5

    fba83f24aac967fffc57baf01c095893

  • SHA1

    8cdab10a3facee2d4f758911c3f2e00bb91281b3

  • SHA256

    5d8daed4827846f5c371eb9d958d4b478fa357a495a1cb68df9eecbf40142281

  • SHA512

    22ea406650183dfdd3f27ae9f1461550c3c9de2e62507f0c1af5b783e776df40ed2e59f7d7f009dc8f23b4b1705d7f909c2681501785ef0ec14ba2aa60ca51dc

  • SSDEEP

    1536:I+bUlO0pkM91qQIw8yr9xZxdyyKDWfybhDqI6bQWCzCrAZuqUqDQ:fbWOYkDyrrZxjQbxqHbQWCzCrAZuqBQ

Score
10/10
toxiceyediscoveryrattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7709903928:AAH-JjBArW0_8_MX2hpJCxd-s2x1v94lP2Y/sendMessage?chat_id=5101964078

Targets

    • Target

      TelegramRAT.exe

    • Size

      111KB

    • MD5

      fba83f24aac967fffc57baf01c095893

    • SHA1

      8cdab10a3facee2d4f758911c3f2e00bb91281b3

    • SHA256

      5d8daed4827846f5c371eb9d958d4b478fa357a495a1cb68df9eecbf40142281

    • SHA512

      22ea406650183dfdd3f27ae9f1461550c3c9de2e62507f0c1af5b783e776df40ed2e59f7d7f009dc8f23b4b1705d7f909c2681501785ef0ec14ba2aa60ca51dc

    • SSDEEP

      1536:I+bUlO0pkM91qQIw8yr9xZxdyyKDWfybhDqI6bQWCzCrAZuqUqDQ:fbWOYkDyrrZxjQbxqHbQWCzCrAZuqBQ

    Score
    10/10
    toxiceyediscoveryrattrojan

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Toxiceye family

      toxiceye

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks