General
-
Target
TGX.exe
-
Size
19.0MB
-
Sample
230329-b8at5sec83
-
MD5
f11e3a4b0b3dfbeeda1093a3d23103a9
-
SHA1
249ac84328d018b6c1f8bdc158210d73d1dfa895
-
SHA256
e57f065b20a5bcc1b515ca93b86f221783ddf5880f660f552b5a9735fce540a7
-
SHA512
baedf5d8da21ec93d007d51f750d6c3edcee28d8a01f1c549e1adb7268da48d6df1d9467f1506dc72fb7d1b01b1142bb8ab174b7122a101de8bc8e86dc423990
-
SSDEEP
393216:vpoJ0krl5Tb9KaS4d2OfGJxZ8AB1SNjmJ4Uoy7Tk15HZKU:vpohLb9KaIOoD8Aom1V7T7U
Static task
static1
Behavioral task
behavioral1
Sample
TGX.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
TGX.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
njrat
im523
HacKed
browser-bangladesh.at.ply.gg:14018
675f4fe6228789d2c44bb51781f399e5
-
reg_key
675f4fe6228789d2c44bb51781f399e5
-
splitter
|'|'|
Targets
-
-
Target
TGX.exe
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-