tanglebot | test[.]zip

General

Target

test.zip
Size

1.5MB
MD5

64fcd5f17d85e6dd6fcf563b362be2c0
SHA1

00d54c8ad2b164b334d338cb33842d967f37d143
SHA256

1b111224d09a16d2bde1739501a18c69bf4f0f08f97d8cc4f3019969b462ddd8
SHA512

0869cdbc35e07cea648f7f6ca740bf89794f69752dd8c33d8ace6c1a5601bf83696f00b00d85b245e44500b6f233fbd64cd9464cb29384563686252b75893d7c
SSDEEP

49152:Aoaldtm0fiCVOUi5CooWBndnflP0qiSrt:AoAvm8OPocnflPni4t

Score

10^/10

tanglebot

Family

tanglebot

C2

https://icq.im/AoLH58pXY8ejJTQiWg8

https://t.me/pempeppepepep

https://t.me/xpembeppep2p2

TangleBot payload 1 IoCs

resource	yara_rule
static1/unpack001/907536e41808a5e398852c18e089ee5d7783c8932295509b213bafcbe19f087d.apk	family_tanglebot2

Tanglebot family
tanglebot
Attempts to obfuscate APK file format
Applies obfuscation techniques to the APK format in order to hinder analysis

Declares services with permission to bind to the system 1 IoCs

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 5 IoCs

description	ioc
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW