Analysis
-
max time kernel
148s -
max time network
153s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
01-12-2024 21:22
General
-
Target
tg.apk
-
Size
3.4MB
-
MD5
00ea37c8d4d22cc8e0d5438121368140
-
SHA1
f36242b33a26bdc3b0f9e43581e9d52bfc76c353
-
SHA256
3b8ff929d8a1b47164901c932af1b77f56f0ddeb83db3064fd6fd49a2bf50c59
-
SHA512
bf894f36848699afbbbdb1d2245b1523112c7cfcc380714d2ee52fed9e392f8a682a3f05900db56a1acddf4ec9185421eb7b2041fe1ee901339a7a177f467149
-
SSDEEP
98304:A67LxA+PscPoX0eItCneBvAj3NeDP1QhA5PrLYjQV:/7LxA+CFItCneBIjd8dQhaPXY0V
Malware Config
Extracted
tgtoxic
Signatures
-
TgToxic
TgToxic is an Android banking trojan first seen in July 2022.
-
Tgtoxic family
-
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock 1 IoCs
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.example.mysoul1⤵
- Checks known Qemu pipes.
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Foreground Persistence
1Hide Artifacts
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
3System Checks
3Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Process Discovery
1System Information Discovery
2System Network Configuration Discovery
1System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
241KB
MD51e581b53b7641e4d96ac69a4f927fd06
SHA139aef08f433878685c783423ee7259b516f98ed9
SHA25693d95338dcdbd4ad5f2fbc8d506bee82543aa4da717c8896063611e339e7064e
SHA51232340104e51aa7e79b7d1423f0a05b47c9a15464ee90244237b91b556c626b33c2b47d7f5dfa6ff3989ce63f8520d093a9277cc68fe56435d68667a817a3adb6
-
Filesize
4KB
MD5b92cb082787ee39e98a9c080f0790675
SHA188b0511c8905f22f5a0c8f7b837a58a43499c682
SHA2563e1d31391c55982feeb9d58bb92dfe1a2299db3c66b41a25dde77c11e07801d3
SHA5121b24d92839025b9125dcbc1525c7ada7d51099d342cc5451875a250f23a4c9544df396e83edf812d5f0bdb2485f491f365697bed70899ccd5b82dcf6273233eb
-
Filesize
3KB
MD562f964d921a8eb475b0d410a8380265a
SHA1d2d659b8c8fb865cb4cdb4b9bbfb751cb42fd702
SHA256a7d9b15d8fa46da6c31578f18d06e6b8c255f34322c667753681223534c650f2
SHA51211bba79ba7dd816aae16e5c1c73c5077c0d69efcafb559bcea426a56a0cf721c0ea257c4cb283a6050dac0993945ce742e6143bf1e184d7d6f9037d1be93242e
-
Filesize
2KB
MD52a991ace4822fc2c2dd65dcb41999c07
SHA181a941fec588c65ef6ed1349a74200b605d22427
SHA25672acb728acc3155e39e3ebb853fc9ce0401a9f081836155e12f2121600e349e5
SHA5120fff3e6f1a4f719ebed738324cb31d147d003e8b5ef9dd27e25903493e63fd620559d5b9c1ec16b8c5e9f91f2fad29fd4adff6daa07c6d0869fe25e9cf50888c
-
Filesize
3KB
MD542dbdc095240f21ca3c049fe994a4000
SHA1d38b0c8a33c444d52019e50ec1d8a2534cb31086
SHA25686d8ab8e308fcd32a27fba5999a44a1aa32f24f8c83176e1f8345c219c1ce203
SHA51283c9b45cb2599e501b978066fe411240c60efbd7ff344d052b6c5248cdae59e553b8cd0139ae5012482962cdc97b7459fc876f2725384ef42c6ef4c0dfedcd9c
-
Filesize
2KB
MD5ec193595f567dac48f2d1ce8aff33b46
SHA1114296eb51f7b743d08dbb2644186cf335d49c27
SHA2565e801de20bf0084c1f05ae02be41816bd32d1dedb91aaf9a65d3194e80af88f1
SHA512f5ba55520a3a7c68a3065f5ae60296bc982d3d768b92c08e0964c65b35be2d7d50facee7916975b608f7783025e11ed3b5bb6651a727879432a4da8ca5050ef1
-
Filesize
3KB
MD54eaf47c22fc273db6cac1f9b6d150707
SHA10d4e3236a58782003510af3f540c767f08319a0d
SHA256d76e6714f5a7cf39750c09208fb575b3c27709ac75ba2f6a8600fc29caab5fb3
SHA5123936c2dd3b13f5bf49a5be13ca9f57655711e19a813f7ef941fdd78431ca28b70649834f90ce1536c30513a4060d6f3829ca13c292299c3ba95396766a079c93
-
Filesize
4KB
MD5588e57ced19e5e84cf80b72985dc2cf2
SHA143ee1e31d576c9725d4409ddf1fd0d4f1a72822c
SHA25672036444bec9592d285e306e902a2d11c12a4f3dc938c9b51c7ccd5eaaa0da1f
SHA5128667a85b446ce795a08b9b3f3b3f2ee6c2ffc5cd486fcfac017b36d55a9c61675ddb96e4c53e7a060f4a6b685692a84c1adac60c4416419360e61f48642efec0
-
Filesize
5KB
MD5b6f28e058147852f9dce34b2c610d568
SHA1f3c2861be24968efd02ec830156e165e33be2752
SHA2562300b9b9f8b1db6e5c42c9bf9190ad60fdd961cbd918201da8c5f154d75e8fcd
SHA5123ee839838b1a6a82d000b1e4d609d0b76ad374c22ed79510b6d87df098d19e9498cb299d198112f2e8eba7280a2144c1ec1564fefc4d20ee0f001ca45dd3eab9
-
Filesize
3KB
MD59658076786a255940f7487eea9496721
SHA1a6dca25ea041f5dfc214a99371abe8c9526ae302
SHA256110cefb38b0fba84186646f841579bacd2dac35219ff61e1824accea23691d68
SHA51204f73c03e99e482bac48374f4dcec14513484ab387266d1360e8aaaeb7b8242d6b25bf21baba2ca32a46cd2122bcd2cc4fb9f1c1086626d4d9c31a454166a8dc
-
Filesize
3KB
MD57b91cd583dfc590481ff01b2bd994353
SHA1cbd2d3b803fbc7ca608af5f1b6f827b760f35529
SHA2564a804a97858e2ec416fa25fc33e5deac2b4ebf8fb37b0a9d62dd996090997e3a
SHA512a84cc358236624759978c1bdf1b287a9c4b2991fba3e720f7d197cadb0edb35f7beb45e8b83b36f2df350d38a2b1cf3743e02028bae7962f0a7377c85f8c7ae0
-
Filesize
3KB
MD53eee20aa4cf758718173ba04f2d1a78a
SHA13df0641dfc79ebf2ccf819b003821e6e72760595
SHA256716b4fb6b93dfd3e64d020f6d491c2fd007788523b5dcbcc38aafa70a6dc5882
SHA51245df0473c591967f3c5376027787d27f8be92224b4afef2bd72f47553a66d245c5986a0491c732f1f7c371de286c88667677b49adc554a387a7c88bfa92cb95a
-
Filesize
3KB
MD5ce26676f8e2fe950d5e2f3fef72dd1e3
SHA10cffd0f11c5a64765f8f4b04e54750820b9729da
SHA256f7c4a5d2def379fba1fe1100f31c6b0982b9d268f6254ebb425706d47a5590be
SHA5126a0e22d6d9c6955a0223ed3d7bbffb0be69ec1dc09df4d5917a0c04ab89dbd1ac9369b36de2310ad7cbd00746161d3ec57d05eca9c8f0a87a0572edc52ac40ec
-
Filesize
2KB
MD529a422a6fec5edda26d6ea953e0dde77
SHA1700a5cdd75524645c10fc84ec0707697147b52d6
SHA256970e79514f9b85cf5180c0d752817a78db199f2773458919c3b4bafd6b922ee4
SHA5121deb05d6df4e22ac3ca60e525ba3baf3db16b2715eb8ad623acaffaaf9ca2d9597cf224a83a23918f36b0c89cf09d037c37d50da74421f33b64bf5ea28b213c0
-
Filesize
2KB
MD5adf5cf796f5f41061c39a81d9e3cfd2c
SHA10878cbccae3b71a4895d2e939d87247ceeb8d966
SHA256ba83066b5e1e5b94d36a48b2c21d2245cf4240fc1080f003fbcb1bda80e3cb47
SHA512376f4fd428bfcc65ad606256d441c82bdb3348e2cef0653357412d1e532ced986cf3433d4125c35258f20fec5567fc160bce4ad33b8b7bf9ec1f3b91c1b6d5ed
-
Filesize
3KB
MD592a6224e4e0e5adc80dd86f02e4b5dce
SHA18d23227909458bb7e62ab7b6420bc0a5cfa96831
SHA25642669b3b1fabca0de1ac237528fd59386157b598793d3fa45be019c0d4e7ab22
SHA512f36e01f61959cee71ccb5a8a0b16bf5a62ba613a7b0bf13a44ba5cdf8c083de9d6a67589e2f67609003781c6e8d44ae0e9496ba8de52306b7d6bcd1272f157e1
-
Filesize
4KB
MD577faceda71e4e4ae0ec3c1696dc27cfb
SHA1ea52adcd42159b75fe988f418f549193c69c67db
SHA256dafaa4e941539b9bfa24fefc26bc3dbc74e2aa5256544de1b4d292c6a3ea10fb
SHA51291719bf5f3c85ea2c866455de9e6c74f6ec8cd023192d1da199d3a9b99ac8ab87bea196edca0fd11c4bbefe88da4f8a5132dadccd4fca4acd8920c0ba2ace190
-
Filesize
5KB
MD58c4f443d3371cffad317a3ef88693413
SHA11069cbe97d9a0a5b137daa8b2a10b0bb922f1283
SHA256e060c0dd6a96031719b5a36cedf28375b4bded918b707f5530a5102dd9066543
SHA512c3c865c68820c5863b5a1f937fce40e766e03702f29d7fd131ab552d155ab6ed694e1554228d30bd13a2964aa170716e28355d0074ed8064545185199c2a2508
-
Filesize
3KB
MD58e59c1b565f37c440183e5095b5fd78b
SHA13ae91dda0450e6d6332bd5599a560868543a1a22
SHA25607afa649ce3a2d1b642a40b7d3784172fd7da289c78036b1988a474ecc0a44af
SHA512d0b25c8445a1668a8e528baf452dbcc7f274c8b591da2190967130fa5617189624e0e55f6b07fd9ba7bff43ac1fba0fff25116b29cd54089ecb30a838a6516fb
-
Filesize
2KB
MD5371c51545807950ecc0ec1b364bf1e02
SHA1a680b0282c69367ec71d939cd2c0de0d76e3bf68
SHA256ab8169e9b740b213094ff20ffebf7ac3cce49c25a689a9ffe0613acf7b9b4680
SHA5125b09f51c8d8cbc2c44191869653433544fc5c42102c7336a0730e3191562033815291fd76071880d84751bb2b924e44a3afca78e5233c3871abe33f909350c16
-
Filesize
3KB
MD5161f64a16b5597e70b10248b7fdd689d
SHA132bb95f1bdc12b137181324b8a461426634946a9
SHA256d993b1412906d9de741ee5b72aa66caf15da20dd74a8316d03afd8eab223ebbd
SHA5125051d947c5854da2289c6432ec2b8310815407dfcc1e207d7fd3a71f5b099f64dcfcae04d0dbe146fb0fd6c0db3ad0c56dd7f911611e7effb1ee552b38262a19
-
Filesize
3KB
MD5d51a24fd4f4a73e0559be0241048ca1d
SHA1cf7cd1211a64f09cc8d903f5bc661d9ffa563271
SHA256383d8c03f7a1153a390b97d9646ddec03f0b7a20bfb3ecef45083757bb27f02f
SHA5122bfa9a919b0f72ec9106ff6adc8ff66cc52122dc804ad7e42288ff3a2fd8e9eb01cad82e0674a98f6167bbf992a2beb12706e0b939f4f6ddd090b66a7538418e
-
Filesize
3KB
MD5bd828af3248901e02f306845943f6c5f
SHA1ee8bf23d1e9c1aadd4cbdd13cfe8d591e4a9c8e4
SHA2561281f1f36738923998cf687f4e7fab1ffc031fc6fd832c331233581df8f41205
SHA5120134679fb92b288b667fecf9d8368fa2ee71077d991c15a55c1557c197463fde8c9502fb9691ce2c8877793518b537134961bf34f97cbaf48ebf7d5d5bcdabf5
-
Filesize
16KB
MD592f4fccd58415db0e92162a51e719449
SHA115f497fd30d342607967aa873c78865d9472c5f0
SHA2560be3961d25c265074fe92a0e0f18bd6b59f7fce478a964b156cfb6573dff3c04
SHA512606cad27d1ffb6d5e4c03ca5049cded29430665937c94f05f1b755694338639d69715025e55707275278d40ac54cc41ef6765211cf376db6a79427726c9b0aea
-
Filesize
36KB
MD5dd491ddfd0be140cd0953e4b030c6c95
SHA1685838ada2ba4ba6b490a64b44a3041197b8b2c6
SHA25628cfa98ba4cfba52967572d746445458001efe4188d8dc597d5af9b34da39429
SHA512168ff3424b0619c447db15b9e037aab6b8948709167f97dca577a7b8a969a67c821d93ada82c34d0cc5de2089defba5d323be07354298758c5797a83521f59d6
-
Filesize
4KB
MD57e858c4054eb00fcddc653a04e5cd1c6
SHA12e056bf31a8d78df136f02a62afeeca77f4faccf
SHA2569010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
-
Filesize
512B
MD594d0b5cde58642492d3cff3ef1d03ebd
SHA1e62b0672c69b4d76a2d91418bd032e7d86133e9b
SHA25681cf301db987424aaea9334827c7c000652df2bbbaef71932119e5e7019d0985
SHA512f25a449e27300c804330b5bd9ce6cf0a873bf279d93b0df4ed201ebe6c89fbb7a3d45bad47410ae14bb35cb27edd5706077e75772afd2c7588b62dd3f4a906c4
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
16KB
MD591910fdf2b9df85e63fe639409c60e9a
SHA1792b3ccd7d948133595ba0cf260a154c3a5b3718
SHA256b5c2584d44934c5f8ef0c7cda5d7adc4f9fe8d045fb5b9bcde7abdf215a5f065
SHA51262a89e5c736894c0c139bcd832340e486d71817f89d5213fa3afe215b5141e065b7c9ae5495f11aa7686f2e38a4d118fe590606b6efcec3845513e42cd9360fd
-
Filesize
108KB
MD5aecd44c9f4b62be329482d23c9440cbc
SHA1c3dd1be3738fc9c5d8257567cad7850b8a2586d8
SHA2568777712cebf4404a867d0a12b3a539fecb316091c0e98ed1fd9c2af0692864b1
SHA512ac38a770ed0ea0f7cb1f92fb175603ace11b437454e3af8badc1c2dfa33e9daa1a47186a23899db269c0d1eab11f69f8d5085a4545cae2554209b66b88aae8fd