General

  • Target

    TGX_V4_-_v1.0.1.zip

  • Size

    33MB

  • Sample

    230326-1vct1sab73

  • MD5

    e99af3db67b00b0ea2294d6f6203ce6c

  • SHA1

    4fc97df814e0618fb2e67ffe4b6b52aa83adba60

  • SHA256

    029a99cedf1bcb08fd5def931d0b3ba4eb075cd79870cca47e26041e358841fe

  • SHA512

    349049104564986ead6878811fe36c8a6cfa86638c101a5e694df579f528494b4e7d2e2df090989e750d6abf6cfc92850bf20b0f832353adab7b8e2884f89933

  • SSDEEP

    786432:u/J45nBinc2HAAL7cevxiSpyN0dqbjYchNFHp4XYpCUIqmL65ot6292Qu:u/J45nBs17v7OY2ZpgYFIqzN292z

Targets

    • Target

      TGX V4 - v1.0.1/Cake.Powershell.dll

    • Size

      28KB

    • MD5

      e670c1d9604c5b16161ec0e3ee380b5f

    • SHA1

      553de7b1527aba7b4e65564cb6a18987fb28e3b8

    • SHA256

      e1c4aa1cfc34c4380d919c1b3b6d9f85d436ce0fcf8c711f7a2bf56a21a04958

    • SHA512

      ffe4ded1e6a932c83efb63444b194b0f58695784353af0a4454aed3ec3104205432237f776612f4cb1f405fe3ef13ba2d58c005bd913b0f6ff039a8ae0155d82

    • SSDEEP

      384:VmbMVvW1gULM8tOVS3ozBVDqQqX8LE0y920aVfJUyqWRc3OVykL:VmYVvRSM8tOVS3oml8LEY7Vqec+x

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/DiscordRPC.dll

    • Size

      289KB

    • MD5

      a1c35901ad26a30c5b7836771b6badff

    • SHA1

      94a57cd3452a53c209323a1ce738b9f0fb0d6087

    • SHA256

      517240600b04d454cc5ab7b03e43c4af5a0b831fd2515f25c015a83652ad4cac

    • SHA512

      0af73788858e85df874cc232f5d31765648ffbf53d7fdf388fc1b619f44b9ca172c3ac92c983cbeec5d22b6692cd7d3f20734c8e759fe9cf53ac2671d9c1d5e4

    • SSDEEP

      6144:iiLsvWG766dSiKXs2Ol2JWzh0TWxwpeqN55I8pF+WVe2KN6nB/F:iiLmW8daXs2dWzx5M5I8P+WM2a6tF

    Score
    3/10
    • Target

      TGX V4 - v1.0.1/Electron.dll

    • Size

      10MB

    • MD5

      422033e61c2e450c76066c28496979d2

    • SHA1

      a2de1fbc7ad1c4049dd0f307428ab443cb7708e0

    • SHA256

      c61dc15192473b4ddfbf4ddeab4f112f83990dc18a96853a2001098d40f77512

    • SHA512

      3006fd98be5db6bb5b63b15787a37d741c821add95d860a4f735c2a80a4181383370410573e1ab609d27376e3f9cc58e1cba522ea4083b259f7fbb3c4dad6107

    • SSDEEP

      196608:93bB67MXg4AcLcf8SXzZ4mbTyrdk0qDi+2cahKaY26XNhWOhdzldTR:93bGMXgRK2XKYTq+0qmDK2IbWY

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      TGX V4 - v1.0.1/Evon.dll

    • Size

      4MB

    • MD5

      b3f8a6d115f48ccb6a7d538fc79efeb7

    • SHA1

      83a67aa87f0e8364ead923436176a94795468d82

    • SHA256

      05c0ff3837fbf2014a565ca164786eb547f7514f0be4fc4d0ae2ca94cee96f9b

    • SHA512

      8f79f4321f04c79a8ce9b90d0b8090f3c8ec522dc15cacdc6edaad85b855e6203b658db3d7073af1a420904edb94cdef402a3318d162a7c9ae64c2421c799f0f

    • SSDEEP

      98304:ayMezJfM+xWEL5lOERWP5/Z5qckfXtyfIT1NWQJmF7ZGz5L:JMg+mDDdRk5BFoyfIxAQJeFML

    Score
    3/10
    • Target

      TGX V4 - v1.0.1/ICSharpCode.AvalonEdit.dll

    • Size

      605KB

    • MD5

      8f36b03d547fb3e0f9654d4f3074b89f

    • SHA1

      efa7dc54a626c20cbaec3b19b517a2ab64ac6e63

    • SHA256

      941d014ff2689248704b92e4de92bc7a6015a4fcd31dec426ef2d727acc04231

    • SHA512

      27c3020357d19a1498fff8c70d86e501b2b691a179fcf82d4590f371df6130157e7a88c97d5d22c9dcebd4d94af54d2aff90bb12589b88e6b65f3f50e9067509

    • SSDEEP

      6144:kiYcovb1WrZKNhU7nMjaR6dmnItzdSdoO+MSHMb5RKs8rvD288LPnM+k3XjXAUiW:kPcovbRon6cSEKvrvS88Lf1ltm

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/Newtonsoft.Json.dll

    • Size

      685KB

    • MD5

      081d9558bbb7adce142da153b2d5577a

    • SHA1

      7d0ad03fbda1c24f883116b940717e596073ae96

    • SHA256

      b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

    • SHA512

      2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

    • SSDEEP

      12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/Scripts/Aimbot 3.0.txt

    • Size

      98KB

    • MD5

      a026af0c23f83d6ec3ee17a4453c7dcf

    • SHA1

      e707b0ebf1eac194e90c70767ee29a1c37e1a4a2

    • SHA256

      81fe4c1f8cbcf06e43a347fd8c39ceef960995031ae71db385c28636dfce3ec8

    • SHA512

      9817501504aa1b4777f8d0b10c9776d224e0aa38e9ca91a6c80d472d5b5ceafac2e507c335a2bd9959073d74912825e1361bae699404b8c3bcdd9306b85c1b79

    • SSDEEP

      1536:3N+t5Lq6w48qJ4UJe6wyG9EeG251GX/J3GC1Zqn+MVpx2RnB:kt5L0UJe6wyG9EeG251GX/J3GC1ciVB

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/Scripts/Aimbot.txt

    • Size

      30KB

    • MD5

      3ea5f844c18f550a3db09193c56594e8

    • SHA1

      389968ae4228908180ba68ecfab2ddfabeb0966b

    • SHA256

      d33d3205288b776d977ad0047647bc8d40b83bc7d4f190f86f1011c8b417e983

    • SHA512

      8af81e52e74950a1961ad004400140386b0ad3d49d64e9617ad12d4550a4b1699eddf8e79849a32cdbdad034f25ee535430de9bef0513758e48b29a54d52b440

    • SSDEEP

      768:DW6T+ELiUI29j8vVwP8UkSVDYtDkYNighmLlmyEDKtpWpJ7xwrs5SwG1NBbp0Bwh:iYTEK0y

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/Scripts/CC Aimbot.txt

    • Size

      23KB

    • MD5

      3ab630b89a082862b82b552185ea4f84

    • SHA1

      703658e38cb131e6e53491f437a2e7e80a19ba82

    • SHA256

      54cba20aa0213ce83ed348763db0b17a55e4f39fbeae2ef0535ccf76b95bf622

    • SHA512

      9c290dd73db4425643f52f5f72c9c4d55666071141f3efd696e4b757b46ebf9fc6bb964ed61f3d9e3ddcbdf4073850041a43b9df6dbf50fcace9382d875fe77b

    • SSDEEP

      384:vP89lT07hqwp4EfExaDMluPQhKj8NTtXNKCkqJKcGfOtCZukLQKfb/eo5H+mYxsa:vP8XT07hqwp4EfExaDMluPQhKj8NTtXR

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/Scripts/Dex Explorer v2.txt

    • Size

      632KB

    • MD5

      317fec7c823a6ba4ad613220b587a0e8

    • SHA1

      3884e8a9a9122e7912c76c919f20c1b9d274f505

    • SHA256

      5573cc6f439511c5ec73b0c88af87bce49cac37475aa32da5b75b931f632a3dc

    • SHA512

      d5adc2137051ab321197d0a2261ab991f5bf16e0271485c64b66679d863efb58191fe269fc40aa39feefd380b28d33168a6910b7ec40dedd2974e6d1d2db0bad

    • SSDEEP

      12288:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOCBkVgfgLcbVgBe28Vk9Gm1OvClEjmD1Szi:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOC0

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/Scripts/Dex Explorer.txt

    • Size

      2KB

    • MD5

      2653a7d92c77ce2269e5d83f9276df81

    • SHA1

      dc7789afa8887e2a2e3bf1146c2636ade1f50ec3

    • SHA256

      9e7179b6dfc1ad3a0bd5182290bb335ccf3fd51ecfa7740b8271814a9a564f5d

    • SHA512

      f025b189a5d31fceefb9cec270640b1f63552500657704833b68cd7820bb1c98abc33c8c2976d09b927ecfb2ac30f22c6b51da89d8c186093fc10fdc28d177c2

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/Scripts/Mad City 2.txt

    • Size

      266KB

    • MD5

      1f2e26cfc004bdc2f2de0679c8ff2568

    • SHA1

      82f610d4b99fd08b52ffdd7d23b9f036bdcf27ba

    • SHA256

      629a0b979031a8b94d19e55cc1974c1361b491b005ca6b2f849265c5812b39f4

    • SHA512

      155fd7696881f01e401028f39e123a3023d5f84dab1a41c8b0440587b00aa8d4bab6654414c6e5a49ffae69734cbf2f0dac68cb1106a717e4216c69ef762103b

    • SSDEEP

      3072:VS2T6iABa4FZmn//HRR4OhRUU8EdPpES4xFdbIy91oH34O91N8sh/:VVTPzYZmnnoOLUzEdR34xFdbIUoXJisB

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/Scripts/TopKek V3.txt

    • Size

      81KB

    • MD5

      9e488b83078daf39e6f15f90c8d689cf

    • SHA1

      8602a9d4ecb5c4ea52f096e60b72607731c62277

    • SHA256

      c40fe38b134a8484794b773a363377ec8b37ed8bb5b5c88e182f4f7acc60b4c8

    • SHA512

      a86b60e792572ecc512ffad6eab8c271da206fe108d03c9c0156b5eea7a889c61943e88480a14f51ca787c79d084bc099cd3b01e7b5569e6149b3b079a45839a

    • SSDEEP

      768:l9dGinWaivTGFMoN6x94g+SnITXinAUJj0WFtdefC3ELZ7KhJDr0RzKokMy23ckW:Y3sr7b8W2PSh0gpNtiVtB

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/System.Management.Automation.dll

    • Size

      352KB

    • MD5

      835e9ede7e7c774e7a2d56cfdf6e9b17

    • SHA1

      a43ed886b68c6ee913da85df9ad2064f1d81c470

    • SHA256

      c3a5868584a777422cebcf31d6718fd2b26d5e2314d3b5ba6d8e47aa40faba0c

    • SHA512

      74284fd44497beb74326d11a0f63d96aff20aa44cfa8385f6b63b7e6743403c36e2ea4fb0d991767117a97d320e04d2b21f0a4730916244af4ffdaf51e834a26

    • SSDEEP

      3072:d/SDqTIE+QQVVBCTmAG17iT+Lt8D/1L2iLZdrs81sDotEKjRmarzRm+5gSBZqoEJ:d/PXS6WK2iLZdgotEKj9rzRmkgSBAot

    Score
    1/10
    • Target

      TGX V4 - v1.0.1/TGX.exe

    • Size

      686KB

    • MD5

      358553a814a08049588884804d3d1313

    • SHA1

      a59adcb156b401342e5c49cbf450c2c8f6510b20

    • SHA256

      1109750a2a9f11f1bded96bba40ccc4e03a5445ff3c77a40fe0483c969067cac

    • SHA512

      551b7fc34241b330a9235aa66d8cabb0bca610fe4294534e94724ba68fa80581dc218aa2aa6dbd613434bedee01c1a34a254fae3fff6aed0563fe1c588098d6a

    • SSDEEP

      12288:Jjjfq6jHHj3AoQaOpNXKpYri+OpKY/JfFH1LGOUbPF8wTbHGQ:BtLvs/Xxri+OpKsFdGPbWgbHG

    Score
    8/10
    • Downloads MZ/PE file

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      TGX V4 - v1.0.1/WeAreDevs_API.dll

    • Size

      605KB

    • MD5

      f263efb1b579cc33a0f1024c2a18d03b

    • SHA1

      e9dc916b6d4606ba47e30787387dcfd490bafc56

    • SHA256

      f2732f9e3a87d874a3108f8ff0be200bcab9d07fe77b02aaacd94da1efcb3963

    • SHA512

      09a3d948b52b16136f2ce9ecdb094a99092a4a9cf6f324e67a0a5d04d244cf4c3fd2696010f1884272240c3bc24fdaf1edc9ac102bc438564e7fc0be7b2fca34

    • SSDEEP

      12288:F+RkGrbk/x95DR7XZdfrXg+JwuKt/S/60pR5kjo5Bda7EptO:okyk/x9L7Xfw+Jwz/S/69k5BkApt

    Score
    1/10
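
The Electron.dll entry above is the only target in this archive with anti-analysis signatures: it opens the VirtualBox ACPI table keys, reads BIOS description values and checks the UAC policy value (the Defense Evasion and Discovery rows of the ATT&CK matrix, T1497, T1012 and T1082). The following Python is an added example, not code from the report or from the sample. It classifies registry accesses from a Procmon-style trace against the registry locations such sandbox rules usually inspect and decides, per process, whether the combination is worth escalating. The exact key paths, rundll32.exe as the DLL host process and every trace row are constructed assumptions; the report names the signatures, not the keys the sample touched.

```python
import csv
import io
import re

# Signature name -> list of (key regex, value-name regex or None). Key regexes
# are matched against the HKLM-relative key path, case-insensitively. These
# are the usual locations such rules inspect and are an assumption here: the
# report names the signatures, not the paths the sample queried.
RULES = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": [
        (r"^HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$", None),
    ],
    "Checks BIOS information in registry": [
        (r"^HARDWARE\\DESCRIPTION\\System\\BIOS$",
         r"^(SystemManufacturer|SystemProductName|BIOSVendor|BIOSVersion)$"),
        (r"^HARDWARE\\DESCRIPTION\\System$",
         r"^(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$"),
    ],
    "Checks whether UAC is enabled": [
        (r"^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$",
         r"^EnableLUA$"),
    ],
}
ANTI_VM = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
HIVE_PREFIX = re.compile(r"^(HKLM|HKEY_LOCAL_MACHINE)\\", re.IGNORECASE)

# Constructed trace in a Procmon-style CSV layout (PID,Process,Operation,Path).
# rundll32.exe as the host loading the DLL is an assumption as well; the last
# row is a benign process reading the same BIOS value, for contrast.
TRACE = """\
PID,Process,Operation,Path
2244,rundll32.exe,RegOpenKey,HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
2244,rundll32.exe,RegOpenKey,HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__
2244,rundll32.exe,RegQueryValue,HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
2244,rundll32.exe,RegQueryValue,HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName
2244,rundll32.exe,RegQueryValue,HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
2244,rundll32.exe,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
2244,rundll32.exe,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName
3120,explorer.exe,RegQueryValue,HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
"""


def split_event(operation, path):
    """Return (HKLM-relative key, value name or None) for one trace row.
    Procmon appends the value name to the path for RegQueryValue rows."""
    rel = HIVE_PREFIX.sub("", path)
    if operation.lower().startswith("regqueryvalue"):
        key, _, value = rel.rpartition("\\")
        return key, value
    return rel, None


def match_event(operation, path):
    """Yield every signature whose rule this registry access satisfies."""
    key, value = split_event(operation, path)
    for name, patterns in RULES.items():
        for key_re, value_re in patterns:
            if not re.search(key_re, key, re.IGNORECASE):
                continue
            if value_re is None or (value and re.search(value_re, value, re.IGNORECASE)):
                yield name


def scan(trace_text):
    """Map each process in the trace to the set of signatures it triggered."""
    hits = {}
    for row in csv.DictReader(io.StringIO(trace_text)):
        for name in match_event(row["Operation"], row["Path"]):
            hits.setdefault(row["Process"], set()).add(name)
    return hits


def flag_processes(hits, min_signatures=2):
    """Escalate a direct hypervisor fingerprint (the VBOX__ ACPI tables) or
    several weaker environment probes together. A lone BIOS read is routine,
    so explorer.exe in the constructed trace is deliberately not flagged."""
    return sorted(proc for proc, sigs in hits.items()
                  if ANTI_VM in sigs or len(sigs) >= min_signatures)


if __name__ == "__main__":
    result = scan(TRACE)
    for proc, sigs in result.items():
        print(proc)
        for sig in sorted(sigs):
            print("  -", sig)
    print("flagged:", flag_processes(result))
```

Two caveats the scores on this page already reflect. BIOS and UAC reads are weak on their own (plenty of legitimate software performs them), which is why the example only escalates a process on the VBOX__ probe or on several probes together; tune `min_signatures` to your own false-positive budget. The fourth Electron.dll signature, the NtSetInformationThread call with ThreadHideFromDebugger, is an API-level anti-debug check and never appears in a registry trace, so covering it needs an API or syscall trace rather than the registry events handled here.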

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                        Count  ID
  Defense Evasion      Virtualization/Sandbox Evasion   1      T1497
  Defense Evasion      Modify Registry                  1      T1112
  Discovery            Query Registry                   2      T1012
  Discovery            Virtualization/Sandbox Evasion   1      T1497
  Discovery            System Information Discovery     3      T1082
  Command and Control  Web Service                      1      T1102
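
The TGX.exe entry (8/10) carries the two network signatures on this page: it downloads an MZ/PE file, and it does so from a legitimate hosting service, which is what the single Command and Control row (Web Service, T1102) records. Detection keyed on the server's declared type misses that pattern, because paste and file-hosting sites serve whatever is uploaded as text/plain or application/octet-stream. The following Python is an added example, not code from the report or from the sample: it parses captured HTTP responses, flags any body that carries a valid MZ/PE header whatever the Content-Type says, and records architecture, the DLL flag and a SHA-256 to pivot on. The host names, paths, responses and the minimal PE stub are constructed; the report does not disclose the URL the sample fetched.

```python
import hashlib
import struct

PE_MACHINE = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
IMAGE_FILE_DLL = 0x2000
# Content-Types under which a PE download is at least honestly declared.
EXECUTABLE_TYPES = {"application/x-msdownload",
                    "application/vnd.microsoft.portable-executable",
                    "application/octet-stream"}


def build_pe_stub(machine=0x8664, characteristics=0x0022):
    """Constructed minimal MZ/PE header: enough for the magic checks below,
    nothing that would load or run."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * 256


def inspect_pe(body):
    """Return machine, DLL flag and SHA-256 if body is an MZ/PE image, else None.
    'MZ' alone is not enough: e_lfanew must point at a PE\\0\\0 signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    if e_lfanew + 24 > len(body) or body[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, *_, characteristics = struct.unpack_from("<HHIIIHH", body, e_lfanew + 4)
    return {
        "machine": PE_MACHINE.get(machine, hex(machine)),
        "dll": bool(characteristics & IMAGE_FILE_DLL),
        "sha256": hashlib.sha256(body).hexdigest(),
    }


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (lower-cased header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def check_download(host, path, raw):
    """Classify one captured response: is the body a PE, and does the declared
    Content-Type admit that? A text or image type carrying a PE is the
    hosting-service pattern the TGX.exe signatures describe."""
    headers, body = parse_response(raw)
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    pe = inspect_pe(body)
    return {
        "url": f"https://{host}{path}",
        "declared_type": declared,
        "pe": pe,
        "type_mismatch": pe is not None and declared not in EXECUTABLE_TYPES,
    }


def http_response(content_type, body):
    """Constructed HTTP/1.1 200 response with the given Content-Type and body."""
    head = (f"HTTP/1.1 200 OK\r\nContent-Type: {content_type}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


# Constructed captures. hosting.example and cdn.example are hypothetical
# stand-ins; the report does not disclose the service the sample used.
SAMPLES = [
    ("hosting.example", "/raw/stage2.txt",
     http_response("text/plain; charset=utf-8", build_pe_stub(0x8664, 0x2022))),
    ("hosting.example", "/raw/readme.txt",
     http_response("text/plain; charset=utf-8", b"MZ is just two letters here\n")),
    ("cdn.example", "/dl/setup.bin",
     http_response("application/octet-stream", build_pe_stub(0x014C, 0x0102))),
]


def scan_downloads(samples=SAMPLES):
    """Run check_download over every (host, path, raw_response) capture."""
    return [check_download(host, path, raw) for host, path, raw in samples]


if __name__ == "__main__":
    for r in scan_downloads():
        verdict = "PE under %s" % r["declared_type"] if r["pe"] else "not a PE"
        print(f"{r['url']}: {verdict}" + ("  <-- type mismatch" if r["type_mismatch"] else ""))
```

The check validates the PE structure rather than just the two leading bytes, so a text file that happens to start with "MZ" is not flagged, while a DLL served as text/plain is. The SHA-256 of the fetched body is the value to compare against the hashes in this report; the declared type and the hosting domain are what the Web Service technique is about, and a PE arriving under application/octet-stream from such a host still deserves a look even though it is not a type mismatch.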

Tasks

  Task          Tags             Score
  static1       vmprotect        7/10
  behavioral1                    1/10
  behavioral2                    1/10
  behavioral3                    3/10
  behavioral4                    3/10
  behavioral5   evasion, trojan  9/10
  behavioral6   evasion, trojan  9/10
  behavioral7                    1/10
  behavioral8                    3/10
  behavioral9                    1/10
  behavioral10                   1/10
  behavioral11                   1/10
  behavioral12                   1/10
  behavioral13                   1/10
  behavioral14                   1/10
  behavioral15                   1/10
  behavioral16                   1/10
  behavioral17                   1/10
  behavioral18                   1/10
  behavioral19                   1/10
  behavioral20                   1/10
  behavioral21                   1/10
  behavioral22                   1/10
  behavioral23                   1/10
  behavioral24                   1/10
  behavioral25                   1/10
  behavioral26                   1/10
  behavioral27                   1/10
  behavioral28                   1/10
  behavioral29                   6/10
  behavioral30                   8/10
  behavioral31                   1/10
  behavioral32                   1/10