56334550353b03c47980eabb2ba52487b2b542f747c6da5d75b2bf4087e19b3b

Sharing

Copy URL

Twitter E-mail

General

Target

TGX_V5_-_V1.0.0.zip
Size

10.3MB
Sample

230609-cxwg5sbd4t
MD5

ab82f0042fd2589f06622d8d2637724b
SHA1

e97b7b15f29e8c0ddb8e6d7ca00b2eafb317ecc9
SHA256

56334550353b03c47980eabb2ba52487b2b542f747c6da5d75b2bf4087e19b3b
SHA512

8f7f9a26fdfe7e8cd1f68aff8f392dbfec13d93c3e490f210d587d6167406c5efacf2c1ad4d105b0c2e777c043ef5f1943c449ba2723c3657a9d4c34144432e7
SSDEEP

196608:LxNe1S84xLj/8IeVGyZEHR4JcuPqJHjXQMODlQxnOCmVe03WV4uH/oyJmzpeNeE9:L7QV4J/8eyYXuiJH0MG0aAQWGmvU4NeU

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  TGX V5 - V1.0.0/DiscordRPC.dll
- Size
  
  289KB
- MD5
  
  a1c35901ad26a30c5b7836771b6badff
- SHA1
  
  94a57cd3452a53c209323a1ce738b9f0fb0d6087
- SHA256
  
  517240600b04d454cc5ab7b03e43c4af5a0b831fd2515f25c015a83652ad4cac
- SHA512
  
  0af73788858e85df874cc232f5d31765648ffbf53d7fdf388fc1b619f44b9ca172c3ac92c983cbeec5d22b6692cd7d3f20734c8e759fe9cf53ac2671d9c1d5e4
- SSDEEP
  
  6144:iiLsvWG766dSiKXs2Ol2JWzh0TWxwpeqN55I8pF+WVe2KN6nB/F:iiLmW8daXs2dWzx5M5I8P+WM2a6tF
Score

3^/10
behavioral1 behavioral2
- Target
  
  TGX V5 - V1.0.0/ICSharpCode.AvalonEdit.dll
- Size
  
  605KB
- MD5
  
  8f36b03d547fb3e0f9654d4f3074b89f
- SHA1
  
  efa7dc54a626c20cbaec3b19b517a2ab64ac6e63
- SHA256
  
  941d014ff2689248704b92e4de92bc7a6015a4fcd31dec426ef2d727acc04231
- SHA512
  
  27c3020357d19a1498fff8c70d86e501b2b691a179fcf82d4590f371df6130157e7a88c97d5d22c9dcebd4d94af54d2aff90bb12589b88e6b65f3f50e9067509
- SSDEEP
  
  6144:kiYcovb1WrZKNhU7nMjaR6dmnItzdSdoO+MSHMb5RKs8rvD288LPnM+k3XjXAUiW:kPcovbRon6cSEKvrvS88Lf1ltm
Score

1^/10
behavioral3 behavioral4
- Target
  
  TGX V5 - V1.0.0/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral5 behavioral6
- Target
  
  TGX V5 - V1.0.0/Scripts/Aimbot 3.0.txt
- Size
  
  98KB
- MD5
  
  a026af0c23f83d6ec3ee17a4453c7dcf
- SHA1
  
  e707b0ebf1eac194e90c70767ee29a1c37e1a4a2
- SHA256
  
  81fe4c1f8cbcf06e43a347fd8c39ceef960995031ae71db385c28636dfce3ec8
- SHA512
  
  9817501504aa1b4777f8d0b10c9776d224e0aa38e9ca91a6c80d472d5b5ceafac2e507c335a2bd9959073d74912825e1361bae699404b8c3bcdd9306b85c1b79
- SSDEEP
  
  1536:3N+t5Lq6w48qJ4UJe6wyG9EeG251GX/J3GC1Zqn+MVpx2RnB:kt5L0UJe6wyG9EeG251GX/J3GC1ciVB
Score

1^/10
behavioral7 behavioral8
- Target
  
  TGX V5 - V1.0.0/Scripts/Aimbot.txt
- Size
  
  30KB
- MD5
  
  3ea5f844c18f550a3db09193c56594e8
- SHA1
  
  389968ae4228908180ba68ecfab2ddfabeb0966b
- SHA256
  
  d33d3205288b776d977ad0047647bc8d40b83bc7d4f190f86f1011c8b417e983
- SHA512
  
  8af81e52e74950a1961ad004400140386b0ad3d49d64e9617ad12d4550a4b1699eddf8e79849a32cdbdad034f25ee535430de9bef0513758e48b29a54d52b440
- SSDEEP
  
  768:DW6T+ELiUI29j8vVwP8UkSVDYtDkYNighmLlmyEDKtpWpJ7xwrs5SwG1NBbp0Bwh:iYTEK0y
Score

1^/10
behavioral10 behavioral9
- Target
  
  TGX V5 - V1.0.0/Scripts/CC Aimbot.txt
- Size
  
  23KB
- MD5
  
  3ab630b89a082862b82b552185ea4f84
- SHA1
  
  703658e38cb131e6e53491f437a2e7e80a19ba82
- SHA256
  
  54cba20aa0213ce83ed348763db0b17a55e4f39fbeae2ef0535ccf76b95bf622
- SHA512
  
  9c290dd73db4425643f52f5f72c9c4d55666071141f3efd696e4b757b46ebf9fc6bb964ed61f3d9e3ddcbdf4073850041a43b9df6dbf50fcace9382d875fe77b
- SSDEEP
  
  384:vP89lT07hqwp4EfExaDMluPQhKj8NTtXNKCkqJKcGfOtCZukLQKfb/eo5H+mYxsa:vP8XT07hqwp4EfExaDMluPQhKj8NTtXR
Score

1^/10
behavioral11 behavioral12
- Target
  
  TGX V5 - V1.0.0/Scripts/Dex Explorer v2.txt
- Size
  
  632KB
- MD5
  
  317fec7c823a6ba4ad613220b587a0e8
- SHA1
  
  3884e8a9a9122e7912c76c919f20c1b9d274f505
- SHA256
  
  5573cc6f439511c5ec73b0c88af87bce49cac37475aa32da5b75b931f632a3dc
- SHA512
  
  d5adc2137051ab321197d0a2261ab991f5bf16e0271485c64b66679d863efb58191fe269fc40aa39feefd380b28d33168a6910b7ec40dedd2974e6d1d2db0bad
- SSDEEP
  
  12288:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOCBkVgfgLcbVgBe28Vk9Gm1OvClEjmD1Szi:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOC0
Score

1^/10
behavioral13 behavioral14
- Target
  
  TGX V5 - V1.0.0/Scripts/Dex Explorer.txt
- Size
  
  2KB
- MD5
  
  2653a7d92c77ce2269e5d83f9276df81
- SHA1
  
  dc7789afa8887e2a2e3bf1146c2636ade1f50ec3
- SHA256
  
  9e7179b6dfc1ad3a0bd5182290bb335ccf3fd51ecfa7740b8271814a9a564f5d
- SHA512
  
  f025b189a5d31fceefb9cec270640b1f63552500657704833b68cd7820bb1c98abc33c8c2976d09b927ecfb2ac30f22c6b51da89d8c186093fc10fdc28d177c2
Score

1^/10
behavioral15 behavioral16
- Target
  
  TGX V5 - V1.0.0/Scripts/Mad City 2.txt
- Size
  
  266KB
- MD5
  
  1f2e26cfc004bdc2f2de0679c8ff2568
- SHA1
  
  82f610d4b99fd08b52ffdd7d23b9f036bdcf27ba
- SHA256
  
  629a0b979031a8b94d19e55cc1974c1361b491b005ca6b2f849265c5812b39f4
- SHA512
  
  155fd7696881f01e401028f39e123a3023d5f84dab1a41c8b0440587b00aa8d4bab6654414c6e5a49ffae69734cbf2f0dac68cb1106a717e4216c69ef762103b
- SSDEEP
  
  3072:VS2T6iABa4FZmn//HRR4OhRUU8EdPpES4xFdbIy91oH34O91N8sh/:VVTPzYZmnnoOLUzEdR34xFdbIUoXJisB
Score

1^/10
behavioral17 behavioral18
- Target
  
  TGX V5 - V1.0.0/Scripts/TopKek V3.txt
- Size
  
  81KB
- MD5
  
  9e488b83078daf39e6f15f90c8d689cf
- SHA1
  
  8602a9d4ecb5c4ea52f096e60b72607731c62277
- SHA256
  
  c40fe38b134a8484794b773a363377ec8b37ed8bb5b5c88e182f4f7acc60b4c8
- SHA512
  
  a86b60e792572ecc512ffad6eab8c271da206fe108d03c9c0156b5eea7a889c61943e88480a14f51ca787c79d084bc099cd3b01e7b5569e6149b3b079a45839a
- SSDEEP
  
  768:l9dGinWaivTGFMoN6x94g+SnITXinAUJj0WFtdefC3ELZ7KhJDr0RzKokMy23ckW:Y3sr7b8W2PSh0gpNtiVtB
Score

1^/10
behavioral19 behavioral20
- Target
  
  TGX V5 - V1.0.0/System.Management.Automation.dll
- Size
  
  352KB
- MD5
  
  835e9ede7e7c774e7a2d56cfdf6e9b17
- SHA1
  
  a43ed886b68c6ee913da85df9ad2064f1d81c470
- SHA256
  
  c3a5868584a777422cebcf31d6718fd2b26d5e2314d3b5ba6d8e47aa40faba0c
- SHA512
  
  74284fd44497beb74326d11a0f63d96aff20aa44cfa8385f6b63b7e6743403c36e2ea4fb0d991767117a97d320e04d2b21f0a4730916244af4ffdaf51e834a26
- SSDEEP
  
  3072:d/SDqTIE+QQVVBCTmAG17iT+Lt8D/1L2iLZdrs81sDotEKjRmarzRm+5gSBZqoEJ:d/PXS6WK2iLZdgotEKj9rzRmkgSBAot
Score

1^/10
behavioral21 behavioral22
- Target
  
  TGX V5 - V1.0.0/TGX.exe
- Size
  
  1.3MB
- MD5
  
  678c8653640dd0f9d19e278674472d54
- SHA1
  
  4a331b40f175cb0d9fc460e7cf9fd5783048551d
- SHA256
  
  6fba7d910817ad1807a538e6a544c5fe2d16e39017ba40ad7c63beaa75f65cc0
- SHA512
  
  06c5ae89aa5e5538198625f1532b5359b9f2f15d970e3f73869bf770fd50fac862727c658f16ea10d1f6267e7ab9eb9c1a091ff942a385c31d071c24f473b347
- SSDEEP
  
  12288:zflguQwxRJ1cJ3DgRaSelVJDp2f7K33nQ3gwp/nhyE:zflgwRJ0iaSebJw63QR
Score

8^/10
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral23 behavioral24
- Target
  
  TGX V5 - V1.0.0/Zeus.dll
- Size
  
  8.4MB
- MD5
  
  22f99cb448ada143921ab3570a60e1e7
- SHA1
  
  f2c7918fe51ff8cad84f3b51b3f1d97075249cd2
- SHA256
  
  ad8bff1ef7d3c0ff6c67c32f98401158e3875019d6b7355777ab2baf82ddc512
- SHA512
  
  b53824bde25b3b0fb4a1b7e5587b21e7cd719724d3e5a249bb673221f1272845d11207ab185ce1b43c45f86806ed7c901bc86a7054e0700eca995edfa27cccb2
- SSDEEP
  
  196608:7bVIQVUJ1OGfQosgxIgaa8JSk8JdNU7fWYMGZ1zJ6Ga:7OQcOGf/Yjark8JdNWWYFh1a
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral25 behavioral26
- Target
  
  TGX V5 - V1.0.0/bin/Zeus.exe
- Size
  
  8KB
- MD5
  
  0e748258bdff15e851a83bd6f8f0344f
- SHA1
  
  21a019e8fade24187c4ce31115a9dc038dd2be3a
- SHA256
  
  c12319d8eb3d4b085601c0fe3ad5ca7b51766898cfe1fd62e9d11fd0e4bf8dc4
- SHA512
  
  e0372d5cd1e9c4e8e5c2f97ae14ea503a2d9e1fbe91bc56aaf2df2efa8c5c16e366fd7a05e5e0bd20480c6ea3cc9658160b796d242254824da95453602fd9414
- SSDEEP
  
  96:9XemmFrmDP0eUaEuiTnY9Ep7cxr5LF3PFFqhz4YKJujFzNt:gSDP0etEu6Y9wcxrHChz4xa/
Score

1^/10
behavioral27 behavioral28
- Target
  
  TGX V5 - V1.0.0/bin/lua.xshd
- Size
  
  3KB
- MD5
  
  ae551f74a59ad5d9009b5ccdf9d85fe3
- SHA1
  
  f42b8bbc35ec476d62a41e3cc3be6769fcfdac39
- SHA256
  
  01a7e671abd3181a6540ca44a98a01bf70cb35d92db586f8dd9d527c9c2e8b87
- SHA512
  
  645c50b90782015bec666db41bd5998f8ab615267387b7f6e358239bf362463f54aa7ae3e307f713f8724a0e2598e2b0567fb797052d837e9f1a22e22fdf32b0
Score

1^/10
behavioral29 behavioral30

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30