Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    09/06/2023, 02:27 UTC

General

  • Target

    TGX V5 - V1.0.0/TGX.exe

  • Size

    1.3MB

  • MD5

    678c8653640dd0f9d19e278674472d54

  • SHA1

    4a331b40f175cb0d9fc460e7cf9fd5783048551d

  • SHA256

    6fba7d910817ad1807a538e6a544c5fe2d16e39017ba40ad7c63beaa75f65cc0

  • SHA512

    06c5ae89aa5e5538198625f1532b5359b9f2f15d970e3f73869bf770fd50fac862727c658f16ea10d1f6267e7ab9eb9c1a091ff942a385c31d071c24f473b347

  • SSDEEP

    12288:zflguQwxRJ1cJ3DgRaSelVJDp2f7K33nQ3gwp/nhyE:zflgwRJ0iaSebJw63QR

Score
8/10

Signatures

  • Downloads MZ/PE file
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TGX V5 - V1.0.0\TGX.exe
    "C:\Users\Admin\AppData\Local\Temp\TGX V5 - V1.0.0\TGX.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3144

Network

  • flag-us
    DNS
    cloud.tgxgang.xyz
    TGX.exe
    Remote address:
    8.8.8.8:53
    Request
    cloud.tgxgang.xyz
    IN A
    Response
    cloud.tgxgang.xyz
    IN CNAME
    ephemeral-paprenjak-7547b8.netlify.app
    ephemeral-paprenjak-7547b8.netlify.app
    IN A
    13.228.199.255
    ephemeral-paprenjak-7547b8.netlify.app
    IN A
    18.139.194.139
  • flag-sg
    GET
    https://cloud.tgxgang.xyz/json/Universal.txt
    TGX.exe
    Remote address:
    13.228.199.255:443
    Request
    GET /json/Universal.txt HTTP/1.1
    Host: cloud.tgxgang.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 51936
    Cache-Control: public, max-age=0, must-revalidate
    Content-Length: 4642
    Content-Type: text/plain; charset=UTF-8
    Date: Fri, 09 Jun 2023 02:28:45 GMT
    Etag: "46f376084ba8c9884d0b6ea59e4e8281-ssl"
    Server: Netlify
    Strict-Transport-Security: max-age=31536000
    X-Nf-Request-Id: 01H2EZR74HZVCA9BD0CH3BSXWN
  • flag-sg
    GET
    https://cloud.tgxgang.xyz/json/Universal.txt
    TGX.exe
    Remote address:
    13.228.199.255:443
    Request
    GET /json/Universal.txt HTTP/1.1
    Host: cloud.tgxgang.xyz
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 51939
    Cache-Control: public, max-age=0, must-revalidate
    Content-Length: 4642
    Content-Type: text/plain; charset=UTF-8
    Date: Fri, 09 Jun 2023 02:28:48 GMT
    Etag: "46f376084ba8c9884d0b6ea59e4e8281-ssl"
    Server: Netlify
    Strict-Transport-Security: max-age=31536000
    X-Nf-Request-Id: 01H2EZR9ZXZPM364R1RYFWVP1H
  • flag-sg
    GET
    https://cloud.tgxgang.xyz/json/Universal.txt
    TGX.exe
    Remote address:
    13.228.199.255:443
    Request
    GET /json/Universal.txt HTTP/1.1
    Host: cloud.tgxgang.xyz
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 51941
    Cache-Control: public, max-age=0, must-revalidate
    Content-Length: 4642
    Content-Type: text/plain; charset=UTF-8
    Date: Fri, 09 Jun 2023 02:28:50 GMT
    Etag: "46f376084ba8c9884d0b6ea59e4e8281-ssl"
    Server: Netlify
    Strict-Transport-Security: max-age=31536000
    X-Nf-Request-Id: 01H2EZRC6FFNTRT4MS90P3GS4Z
  • flag-sg
    GET
    https://cloud.tgxgang.xyz/json/Universal.txt
    TGX.exe
    Remote address:
    13.228.199.255:443
    Request
    GET /json/Universal.txt HTTP/1.1
    Host: cloud.tgxgang.xyz
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 51943
    Cache-Control: public, max-age=0, must-revalidate
    Content-Length: 4642
    Content-Type: text/plain; charset=UTF-8
    Date: Fri, 09 Jun 2023 02:28:52 GMT
    Etag: "46f376084ba8c9884d0b6ea59e4e8281-ssl"
    Server: Netlify
    Strict-Transport-Security: max-age=31536000
    X-Nf-Request-Id: 01H2EZREC9JF9SSPGC3G2EE5RG
  • flag-us
    DNS
    255.199.228.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    255.199.228.13.in-addr.arpa
    IN PTR
    Response
    255.199.228.13.in-addr.arpa
    IN PTR
    ec2-13-228-199-255.ap-southeast-1.compute.amazonaws.com
  • flag-us
    DNS
    ndc.tgxgang.xyz
    TGX.exe
    Remote address:
    8.8.8.8:53
    Request
    ndc.tgxgang.xyz
    IN A
    Response
    ndc.tgxgang.xyz
    IN CNAME
    cname.vercel-dns.com
    cname.vercel-dns.com
    IN A
    76.76.21.241
    cname.vercel-dns.com
    IN A
    76.76.21.98
  • flag-us
    GET
    https://ndc.tgxgang.xyz/tgx-downloader-filex/dll/ZeusDLL.dll
    TGX.exe
    Remote address:
    76.76.21.241:443
    Request
    GET /tgx-downloader-filex/dll/ZeusDLL.dll HTTP/1.1
    Host: ndc.tgxgang.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Age: 6544
    Cache-Control: public, max-age=0, must-revalidate
    Connection: keep-alive
    Content-Disposition: inline; filename="ZeusDLL.dll"
    Content-Length: 8871952
    Content-Type: application/x-msdownload
    Date: Fri, 09 Jun 2023 02:28:53 GMT
    Etag: "1f74a11de3f9c78b30cd039d0426b87c"
    Server: Vercel
    Strict-Transport-Security: max-age=63072000
    X-Vercel-Cache: HIT
    X-Vercel-Id: fra1::5c4t9-1686277733066-b2695d6d1d6d
  • flag-us
    GET
    https://ndc.tgxgang.xyz/tgx-downloader-filex/dll/ZeusDLL.dll
    TGX.exe
    Remote address:
    76.76.21.241:443
    Request
    GET /tgx-downloader-filex/dll/ZeusDLL.dll HTTP/1.1
    Host: ndc.tgxgang.xyz
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Age: 6680
    Cache-Control: public, max-age=0, must-revalidate
    Connection: keep-alive
    Content-Disposition: inline; filename="ZeusDLL.dll"
    Content-Length: 8871952
    Content-Type: application/x-msdownload
    Date: Fri, 09 Jun 2023 02:31:08 GMT
    Etag: "1f74a11de3f9c78b30cd039d0426b87c"
    Server: Vercel
    Strict-Transport-Security: max-age=63072000
    X-Vercel-Cache: HIT
    X-Vercel-Id: fra1::zp8z2-1686277868568-adfbd9d0209d
  • flag-us
    DNS
    241.21.76.76.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.21.76.76.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    45.8.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    45.8.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    cloud.tgxgang.xyz
    TGX.exe
    Remote address:
    8.8.8.8:53
    Request
    cloud.tgxgang.xyz
    IN A
    Response
    cloud.tgxgang.xyz
    IN CNAME
    ephemeral-paprenjak-7547b8.netlify.app
    ephemeral-paprenjak-7547b8.netlify.app
    IN A
    52.74.166.77
    ephemeral-paprenjak-7547b8.netlify.app
    IN A
    34.126.184.144
  • flag-sg
    GET
    https://cloud.tgxgang.xyz/Json/ScriptHub.json
    TGX.exe
    Remote address:
    52.74.166.77:443
    Request
    GET /Json/ScriptHub.json HTTP/1.1
    Host: cloud.tgxgang.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 0
    Cache-Control: public, max-age=0, must-revalidate
    Content-Length: 63940
    Content-Type: application/json
    Date: Fri, 09 Jun 2023 02:31:08 GMT
    Etag: "f541b0fc344b97b29750c70deb6cfe2f-ssl"
    Server: Netlify
    Strict-Transport-Security: max-age=31536000
    X-Nf-Request-Id: 01H2EZWJPCMVRJDT7542AKW4S4
  • flag-sg
    GET
    https://cloud.tgxgang.xyz/json/Universal.txt
    TGX.exe
    Remote address:
    52.74.166.77:443
    Request
    GET /json/Universal.txt HTTP/1.1
    Host: cloud.tgxgang.xyz
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Age: 0
    Cache-Control: public, max-age=0, must-revalidate
    Content-Length: 4642
    Content-Type: text/plain; charset=UTF-8
    Date: Fri, 09 Jun 2023 02:31:08 GMT
    Etag: "46f376084ba8c9884d0b6ea59e4e8281-ssl"
    Server: Netlify
    Strict-Transport-Security: max-age=31536000
    X-Nf-Request-Id: 01H2EZWJPCJB8KHZKNS6TMV0CH
  • flag-us
    DNS
    77.166.74.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    77.166.74.52.in-addr.arpa
    IN PTR
    Response
    77.166.74.52.in-addr.arpa
    IN PTR
    ec2-52-74-166-77.ap-southeast-1.compute.amazonaws.com
  • 13.228.199.255:443
    https://cloud.tgxgang.xyz/json/Universal.txt
    tls, http
    TGX.exe
    1.9kB
    25.8kB
    27
    32

    HTTP Request

    GET https://cloud.tgxgang.xyz/json/Universal.txt

    HTTP Response

    200

    HTTP Request

    GET https://cloud.tgxgang.xyz/json/Universal.txt

    HTTP Response

    200

    HTTP Request

    GET https://cloud.tgxgang.xyz/json/Universal.txt

    HTTP Response

    200

    HTTP Request

    GET https://cloud.tgxgang.xyz/json/Universal.txt

    HTTP Response

    200
  • 76.76.21.241:443
    https://ndc.tgxgang.xyz/tgx-downloader-filex/dll/ZeusDLL.dll
    tls, http
    TGX.exe
    231.0kB
    9.3MB
    4671
    6625

    HTTP Request

    GET https://ndc.tgxgang.xyz/tgx-downloader-filex/dll/ZeusDLL.dll

    HTTP Response

    200

    HTTP Request

    GET https://ndc.tgxgang.xyz/tgx-downloader-filex/dll/ZeusDLL.dll

    HTTP Response

    200
  • 52.74.166.77:443
    https://cloud.tgxgang.xyz/Json/ScriptHub.json
    tls, http
    TGX.exe
    2.1kB
    71.3kB
    34
    62

    HTTP Request

    GET https://cloud.tgxgang.xyz/Json/ScriptHub.json

    HTTP Response

    200
  • 52.74.166.77:443
    https://cloud.tgxgang.xyz/json/Universal.txt
    tls, http
    TGX.exe
    957 B
    9.9kB
    10
    14

    HTTP Request

    GET https://cloud.tgxgang.xyz/json/Universal.txt

    HTTP Response

    200
  • 8.8.8.8:53
    cloud.tgxgang.xyz
    dns
    TGX.exe
    63 B
    147 B
    1
    1

    DNS Request

    cloud.tgxgang.xyz

    DNS Response

    13.228.199.255
    18.139.194.139

  • 8.8.8.8:53
    255.199.228.13.in-addr.arpa
    dns
    73 B
    142 B
    1
    1

    DNS Request

    255.199.228.13.in-addr.arpa

  • 8.8.8.8:53
    ndc.tgxgang.xyz
    dns
    TGX.exe
    61 B
    127 B
    1
    1

    DNS Request

    ndc.tgxgang.xyz

    DNS Response

    76.76.21.241
    76.76.21.98

  • 8.8.8.8:53
    241.21.76.76.in-addr.arpa
    dns
    71 B
    125 B
    1
    1

    DNS Request

    241.21.76.76.in-addr.arpa

  • 8.8.8.8:53
    45.8.109.52.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    45.8.109.52.in-addr.arpa

  • 8.8.8.8:53
    cloud.tgxgang.xyz
    dns
    TGX.exe
    63 B
    147 B
    1
    1

    DNS Request

    cloud.tgxgang.xyz

    DNS Response

    52.74.166.77
    34.126.184.144

  • 8.8.8.8:53
    77.166.74.52.in-addr.arpa
    dns
    71 B
    138 B
    1
    1

    DNS Request

    77.166.74.52.in-addr.arpa


Downloads

  • memory/3144-116-0x0000000000950000-0x0000000000AAE000-memory.dmp

    Filesize

    1.4MB

  • memory/3144-117-0x0000000003090000-0x00000000030A0000-memory.dmp

    Filesize

    64KB

  • memory/3144-118-0x0000000009D30000-0x0000000009D38000-memory.dmp

    Filesize

    32KB

  • memory/3144-119-0x0000000009EB0000-0x0000000009EE8000-memory.dmp

    Filesize

    224KB

  • memory/3144-120-0x000000000B030000-0x000000000B0E0000-memory.dmp

    Filesize

    704KB

  • memory/3144-121-0x000000000B510000-0x000000000B532000-memory.dmp

    Filesize

    136KB

  • memory/3144-122-0x000000000B540000-0x000000000B890000-memory.dmp

    Filesize

    3.3MB

  • memory/3144-123-0x0000000009720000-0x000000000972A000-memory.dmp

    Filesize

    40KB
