Analysis

  • max time kernel
    5s
  • max time network
    28s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    11/11/2024, 09:46 UTC

General

  • Target

    bbffee542e6e421c97aaa098dea81f1219b1e5e6ecd9dd68f69ab9f945256ec4.apk

  • Size

    9.6MB

  • MD5

    b3e9fc30293110c46d947b3ef06481d3

  • SHA1

    b28c1051ff1988feea27933bf66749add77d3890

  • SHA256

    bbffee542e6e421c97aaa098dea81f1219b1e5e6ecd9dd68f69ab9f945256ec4

  • SHA512

    23f96eae6d4ba123bf3672026b6e30bba32817626da88f472f9b27a04681f74e428199ebef727d964e8d902a1a8f94457fa5f885d93f690964591512e18d42f2

  • SSDEEP

    196608:7+YYaAAjey2vrCDrmF5dXptUUaPpZoxFYpnxQ3v+JZT9QTKUIp:7YeeVDCDrmnd5tU7PpZ/1uYReKJ

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

  • TangleBot payload 1 IoCs
  • Tanglebot family
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.team.thumb
    1
    • Loads dropped Dex/Jar
    PID:4317

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • 172.217.169.74:443
    tls, https
    1.2kB
    40 B
    1
    1
  • 142.250.187.238:443
    tls, https
    915 B
    40 B
    1
    1
  • 142.250.187.238:443
    tls, https
    915 B
    40 B
    1
    1
  • 216.58.213.10:443
    tls, https
    2.3kB
    40 B
    1
    1
  • 224.0.0.251:5353
    2.5kB
    8
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    69 B
    1
    1

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    69 B
    1
    1

    DNS Request

    android.apis.google.com

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.team.thumb/app_tuna/dZyI.json

    Filesize

    1.8MB

    MD5

    ee5a51cf9748acd1cc79634b01ffc008

    SHA1

    664393aa3655f0b568aad77a1fc50c65c92a285c

    SHA256

    c41b5c4e6d2af25c5ac26f40d71ecfd173a5bb357f218ebd7a6c80bd05684316

    SHA512

    345c49367ae1b8d3ce1848ecaa4dd6126b9611c6f6a2b2f74fb9f290f2fc40fe6fca0f5206d92e7060ca6e6af76a6ab2ccbde799d1e73042586571eded4485b9

  • /data/data/com.team.thumb/app_tuna/dZyI.json

    Filesize

    1.8MB

    MD5

    8d027c741be3da38788f2477e47d6fde

    SHA1

    d6b53e019a737d2dc1d0cd2be9baa5042680b26b

    SHA256

    dfc8898b5794c0aaa7cf64dfed2bbea59c6c3191977eeeb1c0dbc38d186cfe10

    SHA512

    3c0a6a20e85782aff2449a0303b87dc082518971e419167056b014a57cf4f99376807953dc6eb574f9f4dc99def59d03972193767c29f9c1e1c220fb7afe82b7

  • /data/user/0/com.team.thumb/app_tuna/dZyI.json

    Filesize

    4.4MB

    MD5

    e79c4a410e60f4a19b678f577ed7e81e

    SHA1

    9a875e6ab04b4fa1b4b481446604368907a915a1

    SHA256

    b09115e89719e0301718acfda0b0776311edc6d84847202370224ae9055d0a97

    SHA512

    014a6592f424a595d81b2ad84919d8ce110150d83e0cb12b463ae9dbccfe08b12c7b1f72cd93b62a3e31c1386dc8c44db9abe588b03fd723d86d272b75b0a5fa