tgtoxic | 3b8ff929d8a1b47164901c932af1b77f56f0ddeb83db3064fd6fd49a2bf50c59

Analysis

max time kernel
17s
max time network
133s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
01-12-2024 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tg.apk
Size

3.4MB
MD5

00ea37c8d4d22cc8e0d5438121368140
SHA1

f36242b33a26bdc3b0f9e43581e9d52bfc76c353
SHA256

3b8ff929d8a1b47164901c932af1b77f56f0ddeb83db3064fd6fd49a2bf50c59
SHA512

bf894f36848699afbbbdb1d2245b1523112c7cfcc380714d2ee52fed9e392f8a682a3f05900db56a1acddf4ec9185421eb7b2041fe1ee901339a7a177f467149
SSDEEP

98304:A67LxA+PscPoX0eItCneBvAj3NeDP1QhA5PrLYjQV:/7LxA+CFItCneBIjd8dQhaPXY0V

Score

10^/10

tgtoxic banker collection credential_access discovery evasion execution impact infostealer persistence trojan

Malware Config

Signatures

TgToxic
TgToxic is an Android banking trojan first seen in July 2022.
infostealer trojan banker tgtoxic
Tgtoxic family
tgtoxic

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.example.mysoul
/dev/qemu_pipe	com.example.mysoul

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.example.mysoul

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.example.mysoul

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.example.mysoul

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.example.mysoul

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.example.mysoul

com.example.mysoul
1⤵
- Checks known Qemu pipes.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4347

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.mysoul/files/lang/ar.json

Filesize
4KB

MD5
b92cb082787ee39e98a9c080f0790675

SHA1
88b0511c8905f22f5a0c8f7b837a58a43499c682

SHA256
3e1d31391c55982feeb9d58bb92dfe1a2299db3c66b41a25dde77c11e07801d3

SHA512
1b24d92839025b9125dcbc1525c7ada7d51099d342cc5451875a250f23a4c9544df396e83edf812d5f0bdb2485f491f365697bed70899ccd5b82dcf6273233eb

Download Submit
/data/data/com.example.mysoul/files/lang/de.json

Filesize
3KB

MD5
62f964d921a8eb475b0d410a8380265a

SHA1
d2d659b8c8fb865cb4cdb4b9bbfb751cb42fd702

SHA256
a7d9b15d8fa46da6c31578f18d06e6b8c255f34322c667753681223534c650f2

SHA512
11bba79ba7dd816aae16e5c1c73c5077c0d69efcafb559bcea426a56a0cf721c0ea257c4cb283a6050dac0993945ce742e6143bf1e184d7d6f9037d1be93242e

Download Submit
/data/data/com.example.mysoul/files/lang/en.json

Filesize
2KB

MD5
2a991ace4822fc2c2dd65dcb41999c07

SHA1
81a941fec588c65ef6ed1349a74200b605d22427

SHA256
72acb728acc3155e39e3ebb853fc9ce0401a9f081836155e12f2121600e349e5

SHA512
0fff3e6f1a4f719ebed738324cb31d147d003e8b5ef9dd27e25903493e63fd620559d5b9c1ec16b8c5e9f91f2fad29fd4adff6daa07c6d0869fe25e9cf50888c

Download Submit
/data/data/com.example.mysoul/files/lang/es.json

Filesize
3KB

MD5
42dbdc095240f21ca3c049fe994a4000

SHA1
d38b0c8a33c444d52019e50ec1d8a2534cb31086

SHA256
86d8ab8e308fcd32a27fba5999a44a1aa32f24f8c83176e1f8345c219c1ce203

SHA512
83c9b45cb2599e501b978066fe411240c60efbd7ff344d052b6c5248cdae59e553b8cd0139ae5012482962cdc97b7459fc876f2725384ef42c6ef4c0dfedcd9c

Download Submit
/data/data/com.example.mysoul/files/lang/fa.json

Filesize
2KB

MD5
ec193595f567dac48f2d1ce8aff33b46

SHA1
114296eb51f7b743d08dbb2644186cf335d49c27

SHA256
5e801de20bf0084c1f05ae02be41816bd32d1dedb91aaf9a65d3194e80af88f1

SHA512
f5ba55520a3a7c68a3065f5ae60296bc982d3d768b92c08e0964c65b35be2d7d50facee7916975b608f7783025e11ed3b5bb6651a727879432a4da8ca5050ef1

Download Submit
/data/data/com.example.mysoul/files/lang/fil.json

Filesize
3KB

MD5
4eaf47c22fc273db6cac1f9b6d150707

SHA1
0d4e3236a58782003510af3f540c767f08319a0d

SHA256
d76e6714f5a7cf39750c09208fb575b3c27709ac75ba2f6a8600fc29caab5fb3

SHA512
3936c2dd3b13f5bf49a5be13ca9f57655711e19a813f7ef941fdd78431ca28b70649834f90ce1536c30513a4060d6f3829ca13c292299c3ba95396766a079c93

Download Submit
/data/data/com.example.mysoul/files/lang/fr.json

Filesize
4KB

MD5
588e57ced19e5e84cf80b72985dc2cf2

SHA1
43ee1e31d576c9725d4409ddf1fd0d4f1a72822c

SHA256
72036444bec9592d285e306e902a2d11c12a4f3dc938c9b51c7ccd5eaaa0da1f

SHA512
8667a85b446ce795a08b9b3f3b3f2ee6c2ffc5cd486fcfac017b36d55a9c61675ddb96e4c53e7a060f4a6b685692a84c1adac60c4416419360e61f48642efec0

Download Submit
/data/data/com.example.mysoul/files/lang/hi.json

Filesize
5KB

MD5
b6f28e058147852f9dce34b2c610d568

SHA1
f3c2861be24968efd02ec830156e165e33be2752

SHA256
2300b9b9f8b1db6e5c42c9bf9190ad60fdd961cbd918201da8c5f154d75e8fcd

SHA512
3ee839838b1a6a82d000b1e4d609d0b76ad374c22ed79510b6d87df098d19e9498cb299d198112f2e8eba7280a2144c1ec1564fefc4d20ee0f001ca45dd3eab9

Download Submit
/data/data/com.example.mysoul/files/lang/in.json

Filesize
3KB

MD5
9658076786a255940f7487eea9496721

SHA1
a6dca25ea041f5dfc214a99371abe8c9526ae302

SHA256
110cefb38b0fba84186646f841579bacd2dac35219ff61e1824accea23691d68

SHA512
04f73c03e99e482bac48374f4dcec14513484ab387266d1360e8aaaeb7b8242d6b25bf21baba2ca32a46cd2122bcd2cc4fb9f1c1086626d4d9c31a454166a8dc

Download Submit
/data/data/com.example.mysoul/files/lang/it.json

Filesize
3KB

MD5
7b91cd583dfc590481ff01b2bd994353

SHA1
cbd2d3b803fbc7ca608af5f1b6f827b760f35529

SHA256
4a804a97858e2ec416fa25fc33e5deac2b4ebf8fb37b0a9d62dd996090997e3a

SHA512
a84cc358236624759978c1bdf1b287a9c4b2991fba3e720f7d197cadb0edb35f7beb45e8b83b36f2df350d38a2b1cf3743e02028bae7962f0a7377c85f8c7ae0

Download Submit
/data/data/com.example.mysoul/files/lang/iw.json

Filesize
3KB

MD5
3eee20aa4cf758718173ba04f2d1a78a

SHA1
3df0641dfc79ebf2ccf819b003821e6e72760595

SHA256
716b4fb6b93dfd3e64d020f6d491c2fd007788523b5dcbcc38aafa70a6dc5882

SHA512
45df0473c591967f3c5376027787d27f8be92224b4afef2bd72f47553a66d245c5986a0491c732f1f7c371de286c88667677b49adc554a387a7c88bfa92cb95a

Download Submit
/data/data/com.example.mysoul/files/lang/ja.json

Filesize
3KB

MD5
ce26676f8e2fe950d5e2f3fef72dd1e3

SHA1
0cffd0f11c5a64765f8f4b04e54750820b9729da

SHA256
f7c4a5d2def379fba1fe1100f31c6b0982b9d268f6254ebb425706d47a5590be

SHA512
6a0e22d6d9c6955a0223ed3d7bbffb0be69ec1dc09df4d5917a0c04ab89dbd1ac9369b36de2310ad7cbd00746161d3ec57d05eca9c8f0a87a0572edc52ac40ec

Download Submit
/data/data/com.example.mysoul/files/lang/ko.json

Filesize
2KB

MD5
29a422a6fec5edda26d6ea953e0dde77

SHA1
700a5cdd75524645c10fc84ec0707697147b52d6

SHA256
970e79514f9b85cf5180c0d752817a78db199f2773458919c3b4bafd6b922ee4

SHA512
1deb05d6df4e22ac3ca60e525ba3baf3db16b2715eb8ad623acaffaaf9ca2d9597cf224a83a23918f36b0c89cf09d037c37d50da74421f33b64bf5ea28b213c0

Download Submit
/data/data/com.example.mysoul/files/lang/ms.json

Filesize
2KB

MD5
adf5cf796f5f41061c39a81d9e3cfd2c

SHA1
0878cbccae3b71a4895d2e939d87247ceeb8d966

SHA256
ba83066b5e1e5b94d36a48b2c21d2245cf4240fc1080f003fbcb1bda80e3cb47

SHA512
376f4fd428bfcc65ad606256d441c82bdb3348e2cef0653357412d1e532ced986cf3433d4125c35258f20fec5567fc160bce4ad33b8b7bf9ec1f3b91c1b6d5ed

Download Submit
/data/data/com.example.mysoul/files/lang/pt.json

Filesize
3KB

MD5
92a6224e4e0e5adc80dd86f02e4b5dce

SHA1
8d23227909458bb7e62ab7b6420bc0a5cfa96831

SHA256
42669b3b1fabca0de1ac237528fd59386157b598793d3fa45be019c0d4e7ab22

SHA512
f36e01f61959cee71ccb5a8a0b16bf5a62ba613a7b0bf13a44ba5cdf8c083de9d6a67589e2f67609003781c6e8d44ae0e9496ba8de52306b7d6bcd1272f157e1

Download Submit
/data/data/com.example.mysoul/files/lang/ru.json

Filesize
4KB

MD5
77faceda71e4e4ae0ec3c1696dc27cfb

SHA1
ea52adcd42159b75fe988f418f549193c69c67db

SHA256
dafaa4e941539b9bfa24fefc26bc3dbc74e2aa5256544de1b4d292c6a3ea10fb

SHA512
91719bf5f3c85ea2c866455de9e6c74f6ec8cd023192d1da199d3a9b99ac8ab87bea196edca0fd11c4bbefe88da4f8a5132dadccd4fca4acd8920c0ba2ace190

Download Submit
/data/data/com.example.mysoul/files/lang/th.json

Filesize
5KB

MD5
8c4f443d3371cffad317a3ef88693413

SHA1
1069cbe97d9a0a5b137daa8b2a10b0bb922f1283

SHA256
e060c0dd6a96031719b5a36cedf28375b4bded918b707f5530a5102dd9066543

SHA512
c3c865c68820c5863b5a1f937fce40e766e03702f29d7fd131ab552d155ab6ed694e1554228d30bd13a2964aa170716e28355d0074ed8064545185199c2a2508

Download Submit
/data/data/com.example.mysoul/files/lang/tr.json

Filesize
3KB

MD5
8e59c1b565f37c440183e5095b5fd78b

SHA1
3ae91dda0450e6d6332bd5599a560868543a1a22

SHA256
07afa649ce3a2d1b642a40b7d3784172fd7da289c78036b1988a474ecc0a44af

SHA512
d0b25c8445a1668a8e528baf452dbcc7f274c8b591da2190967130fa5617189624e0e55f6b07fd9ba7bff43ac1fba0fff25116b29cd54089ecb30a838a6516fb

Download Submit
/data/data/com.example.mysoul/files/lang/ur.json

Filesize
2KB

MD5
371c51545807950ecc0ec1b364bf1e02

SHA1
a680b0282c69367ec71d939cd2c0de0d76e3bf68

SHA256
ab8169e9b740b213094ff20ffebf7ac3cce49c25a689a9ffe0613acf7b9b4680

SHA512
5b09f51c8d8cbc2c44191869653433544fc5c42102c7336a0730e3191562033815291fd76071880d84751bb2b924e44a3afca78e5233c3871abe33f909350c16

Download Submit
/data/data/com.example.mysoul/files/lang/vi.json

Filesize
3KB

MD5
161f64a16b5597e70b10248b7fdd689d

SHA1
32bb95f1bdc12b137181324b8a461426634946a9

SHA256
d993b1412906d9de741ee5b72aa66caf15da20dd74a8316d03afd8eab223ebbd

SHA512
5051d947c5854da2289c6432ec2b8310815407dfcc1e207d7fd3a71f5b099f64dcfcae04d0dbe146fb0fd6c0db3ad0c56dd7f911611e7effb1ee552b38262a19

Download Submit
/data/data/com.example.mysoul/files/lang/vn.json

Filesize
3KB

MD5
d51a24fd4f4a73e0559be0241048ca1d

SHA1
cf7cd1211a64f09cc8d903f5bc661d9ffa563271

SHA256
383d8c03f7a1153a390b97d9646ddec03f0b7a20bfb3ecef45083757bb27f02f

SHA512
2bfa9a919b0f72ec9106ff6adc8ff66cc52122dc804ad7e42288ff3a2fd8e9eb01cad82e0674a98f6167bbf992a2beb12706e0b939f4f6ddd090b66a7538418e

Download Submit
/data/data/com.example.mysoul/files/lang/zh.json

Filesize
3KB

MD5
bd828af3248901e02f306845943f6c5f

SHA1
ee8bf23d1e9c1aadd4cbdd13cfe8d591e4a9c8e4

SHA256
1281f1f36738923998cf687f4e7fab1ffc031fc6fd832c331233581df8f41205

SHA512
0134679fb92b288b667fecf9d8368fa2ee71077d991c15a55c1557c197463fde8c9502fb9691ce2c8877793518b537134961bf34f97cbaf48ebf7d5d5bcdabf5

Download Submit
/data/data/com.example.mysoul/files/langs.json

Filesize
16KB

MD5
92f4fccd58415db0e92162a51e719449

SHA1
15f497fd30d342607967aa873c78865d9472c5f0

SHA256
0be3961d25c265074fe92a0e0f18bd6b59f7fce478a964b156cfb6573dff3c04

SHA512
606cad27d1ffb6d5e4c03ca5049cded29430665937c94f05f1b755694338639d69715025e55707275278d40ac54cc41ef6765211cf376db6a79427726c9b0aea

Download Submit
/data/data/com.example.mysoul/files/womdu689rb

Filesize
36KB

MD5
dd491ddfd0be140cd0953e4b030c6c95

SHA1
685838ada2ba4ba6b490a64b44a3041197b8b2c6

SHA256
28cfa98ba4cfba52967572d746445458001efe4188d8dc597d5af9b34da39429

SHA512
168ff3424b0619c447db15b9e037aab6b8948709167f97dca577a7b8a969a67c821d93ada82c34d0cc5de2089defba5d323be07354298758c5797a83521f59d6

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f6250e48132d73f178c35f6050cbcf5b

SHA1
6d2edb00d8d5437690ca793c512f414f764fbf00

SHA256
4cc33e2edbabf9e05ed67302189a79aa023ad773416cb2c991f83beeb257d659

SHA512
c2007f78cfda5c54b1b648f529d998b3e153c691af1f63288f623e0afc7e9b753f8eee5c4bba8cf01c88bcdac661a9c0e79c1fa9141fe544adca1dd59d1f75d2

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
fe217d0dd44f6d57930492b1ab71a8a1

SHA1
d6f5e3ee7d492667de7d4a5e1a28c58229d26ba2

SHA256
cb122db9a3aea267e4e0bcb78118e25288bc834ca3bb53979be1f672af549f8f

SHA512
03e8234e5a03346473315d8d38c519e21fceda6999632aa818fc4c709cdf959f18e8e9c4158c76b4d35a008505c2d3a41e00cd37d1b306dcc721f08388ef5afb

Download Submit
/data/data/com.example.mysoul/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
d68cf3d20b9a9ad05a84237906a7c8d6

SHA1
45744ef2ebd286f7546c79ff85e9e0d064a3a2fa

SHA256
0f094e97cb53f75c3b0fe47422cfc6accda7fe63d75ea98e725f77aeb745ebad

SHA512
31baae5b2fafbfb627cc59ec26d8d8e99c26b8772ecfd234889c46bd83143caae6edc0d3990dfca3394fc235f82bd0b058152082ae4f774f72cef198424d0624

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads