Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

b321719ebc...3e.apk

android-9-x86

10

base.apk

android-9-x86

10

Analysis

  • max time kernel
    8s
  • max time network
    36s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    11/11/2024, 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b321719ebcb565c70ee1c7b6505b72aa4adc4308b6e61a64d3a21f9c9d52273e.apk

  • Size

    9.4MB

  • MD5

    855d32b7bed8432df4132ce328d32dc1

  • SHA1

    4c5c3717d3a56f004b71673ec1ebb610e6396920

  • SHA256

    b321719ebcb565c70ee1c7b6505b72aa4adc4308b6e61a64d3a21f9c9d52273e

  • SHA512

    37bc99458813d592c477c7ad583540d67f9c655655a2c66126cd56dbc67832bd0719774b5b0cf639d088e3b6dc5d35d7dd5dca52d837dddd5823092b9fa614c7

  • SSDEEP

    196608:M+uJPAWDGAIwBpLKthDCHE77CyZOAUPcqslE83de:M+uJZlIw0RSPlrh

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.essay.strong
    1⤵
    • Loads dropped Dex/Jar
    PID:4254
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.essay.strong/app_attitude/KuHBitK.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.essay.strong/app_attitude/oat/x86/KuHBitK.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4281

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.essay.strong/app_attitude/KuHBitK.json
    Filesize

    1.8MB

    MD5

    5ab3ff12451169f29e6a9af46ac60687

    SHA1

    34029b07e8c861d28d143f8010eb3c7030a9b1bf

    SHA256

    068314c4c6edc881ff8fc99f519c85f8d6c0cde7ea887a293575c4f5880111f7

    SHA512

    10841d4812f2de88834b7cfa3a387d77e6e2de22edc40f73b54c699773675428dad9e98fc5b808f7484e8f7c369fa2f879f67a3a2d1afa0b0f5702b733bf80c8

    Download Submit

  • /data/data/com.essay.strong/app_attitude/KuHBitK.json
    Filesize

    1.8MB

    MD5

    f62892875664a3a6e772e5d018cdb168

    SHA1

    5d137a8cadc2b09cb9e640853986c9733f448d6d

    SHA256

    7bb03a0e2f1b20cc1e1f4a88bceea62b7327a5a9e370e2aa8c8d9e35ea54083b

    SHA512

    9497bea37896bc211404e41abecf531bd1eac62f437781bd218d0d64ecde264829d5bf5994ecf9e3a67dcbcc7c4f3595c61ec48a0a700c69ad1da81329cbd05e

    Download Submit

  • /data/user/0/com.essay.strong/app_attitude/KuHBitK.json
    Filesize

    4.4MB

    MD5

    55f86621e311fcc5a84e62471fef5c9d

    SHA1

    5cbaed193fc806942e3cc9d6260fce5fe2f992fe

    SHA256

    39a02b3b0115de84d66cfc716799160a403e55f02f072ac48bba16ac969e0231

    SHA512

    fbbd52c803d2406be55a0403e39cb21f769e7b922226b100d192b732b167d367abe61c8bbe05c2691ce14b32afaf96970c9895db5804ca43dd259c50ca993226

    Download Submit

  • /data/user/0/com.essay.strong/app_attitude/KuHBitK.json
    Filesize

    4.4MB

    MD5

    1e840d461d0f8a831bfdd7dd7a5d1d77

    SHA1

    6a2a47bba45ff18a49b48c74e5df4c93f756a96c

    SHA256

    f45117008f96245e6d7d37274ce7f137a4f1e4b9b63f9fd9e730d279b94aae45

    SHA512

    7675228079a85c41ad1b35f23e9ccab3b25908d2a839dcd545bd7795d230ec4cbf00c05c0eba65635446c495b0d8af7a83b245af9f21c59377abaf8598327b67

    Download Submit