tanglebot | base[.]apk

General

Target

base.apk
Size

2.1MB
MD5

6509825dbd3038ad2cb113091e3f31f2
SHA1

3fde4be53ea3d6b7e2197c955c32d5211bd50e8a
SHA256

907536e41808a5e398852c18e089ee5d7783c8932295509b213bafcbe19f087d
SHA512

052dd394ade9eb977bb561f895f65f5ca9f5d3577371f50731dc7e69bed177442748bfbc0dd97a51651a64f2eb240435ab3591e86f26e047f2ff4090e36020f2
SSDEEP

49152:Aucdazfrs7fqjjx1Il4Uwxn6aT4KTErmcUDpJKM4O:AAzfrsmjDUwx6VbrIKM7

Score

10^/10

tanglebot

Malware Config

Extracted

Family

tanglebot

C2

https://icq.im/AoLH58pXY8ejJTQiWg8

https://t.me/pempeppepepep

https://t.me/xpembeppep2p2

Signatures

TangleBot payload 1 IoCs

resource	yara_rule
sample	family_tanglebot2

Tanglebot family
tanglebot
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

Files

base.apk
.apk android

la.lostecho.hook

la.lostecho.hook.MainActivity

Activities

la.lostecho.hook.MainActivity

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.POST_NOTIFICATIONS
android.permission.QUERY_ALL_PACKAGES
android.permission.REQUEST_DELETE_PACKAGES
android.permission.FOREGROUND_SERVICE
android.permission.READ_PHONE_STATE
android.permission.RECORD_AUDIO
android.permission.CAMERA
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.WAKE_LOCK
android.permission.SYSTEM_ALERT_WINDOW

Receivers

la.lostecho.hook.Receiver.ScreenReceiver

android.intent.action.USER_PRESENT
android.intent.action.SCREEN_ON
android.intent.action.SCREEN_OFF

la.lostecho.hook.Service.InstallerRestarterService

restartinstallerservice

Services

la.lostecho.hook.Service.AccessibilityControllerService

android.accessibilityservice.AccessibilityService

Android Permissions

base.apk

Permissions

android.permission.INTERNET

android.permission.POST_NOTIFICATIONS

android.permission.QUERY_ALL_PACKAGES

android.permission.REQUEST_DELETE_PACKAGES

android.permission.FOREGROUND_SERVICE

android.permission.READ_PHONE_STATE

android.permission.RECORD_AUDIO

android.permission.CAMERA

android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

android.permission.WAKE_LOCK

android.permission.SYSTEM_ALERT_WINDOW

Sharing

General

Malware Config

Extracted

Signatures

Files

la.lostecho.hook

la.lostecho.hook.MainActivity

Activities

la.lostecho.hook.MainActivity

Permissions

Receivers

la.lostecho.hook.Receiver.ScreenReceiver

la.lostecho.hook.Service.InstallerRestarterService

Services

la.lostecho.hook.Service.AccessibilityControllerService

Android Permissions

base.apk