tgtoxic | 700feb6516b2b9070283a3e818abc7c1735e08ca750ff6b522737f2ab3cd77c8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

base.apk

android-9-x86

base.apk

android-10-x64

7

base.apk

android-11-x64

Resubmissions

28/02/2025, 19:01

250228-xn824avqs3 10

28/02/2025, 18:56

250228-xls8vsvpv9 10

Sharing

General

Target

21540224260.zip
Size

3.9MB
Sample

250228-xn824avqs3
MD5

421035d50ba07ee6adeb2497ab429e7a
SHA1

e84d467f5742fae74ffef2ffaee15dc1beacd448
SHA256

700feb6516b2b9070283a3e818abc7c1735e08ca750ff6b522737f2ab3cd77c8
SHA512

1f8a76486066fd2e1677dd344fa34c4c2393b31153d64830847cfba21403bb18fa1ce3b1ccb035c1a2fcecd72239fdd55554d5e62a46894f6dfea356952c7a93
SSDEEP

98304:yi6Ge9Z6wtemExoJY3GqNdQOXfNKPACGdtjBg6nOtA4:yrGq6wtvExuGGqTX/FtjBRCd

Score

10^/10

tgtoxic android banker collection credential_access defense_evasion discovery execution impact persistence stealer trojan

Static task

static1

7 signatures

Behavioral task

behavioral1

Sample

base.apk

Resource

android-x86-arm-20240910-en

android-9-x86

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

base.apk

Resource

android-x64-20240910-en

defense_evasion discovery

android-10-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

base.apk

Resource

android-x64-arm64-20240910-en

tgtoxic banker collection credential_access defense_evasion discovery execution impact persistence stealer trojan

android-11-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  base.apk
- Size
  
  3.5MB
- MD5
  
  adc5d16499c92152a1b96f97edecf63d
- SHA1
  
  35f9c75df79fbd36e89e65e99463bccc62988426
- SHA256
  
  8e5051ee23cb01c25f0adcee6475f4fbd4cff15edaf08c7a81676ced4bfbbd39
- SHA512
  
  fd57f7d4e43bcb38469980b8b23a1e38122f3634e461cc2b50a187cd7e5e3560e55fa8c2e7f74625ca9bb59730121889b439cc03206126c9334164c5cf36e80b
- SSDEEP
  
  49152:pgWoVs7LxArmZtZqKD0LSNGUNog3SFI80X6Qpd2x6x8MbsCnJMzvvS9jz0o/nq:I67LxA+DqKD1G2FxNAx6x8vrLYjQt
Score

10^/10

defense_evasion discovery tgtoxic banker collection credential_access execution impact persistence stealer trojan
- TgToxic
  TgToxic is an Android banking trojan first seen in July 2022.
  stealer trojan banker tgtoxic
- Tgtoxic family
  tgtoxic
- Checks known Qemu pipes.
  Checks for known pipes used by the Android emulator to communicate with the host.
  defense_evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscovery

behavioral3

tgtoxicbankercollectioncredential_accessdefense_evasiondiscoveryexecutionimpactpersistencestealertrojan

© 2018-2025

Terms | Privacy