Analysis
-
max time kernel
5s -
max time network
28s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
arch:arm arch:x86 image:android-x86-arm-20240910-en locale:en-us os:android-9-x86 system -
submitted
11/11/2024, 09:46 UTC
Static task
static1
Behavioral task
behavioral1
Sample
bbffee542e6e421c97aaa098dea81f1219b1e5e6ecd9dd68f69ab9f945256ec4.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
base.apk
Resource
android-x86-arm-20240624-en
General
-
Target
bbffee542e6e421c97aaa098dea81f1219b1e5e6ecd9dd68f69ab9f945256ec4.apk
-
Size
9.6MB
-
MD5
b3e9fc30293110c46d947b3ef06481d3
-
SHA1
b28c1051ff1988feea27933bf66749add77d3890
-
SHA256
bbffee542e6e421c97aaa098dea81f1219b1e5e6ecd9dd68f69ab9f945256ec4
-
SHA512
23f96eae6d4ba123bf3672026b6e30bba32817626da88f472f9b27a04681f74e428199ebef727d964e8d902a1a8f94457fa5f885d93f690964591512e18d42f2
-
SSDEEP
196608:7+YYaAAjey2vrCDrmF5dXptUUaPpZoxFYpnxQ3v+JZT9QTKUIp:7YeeVDCDrmnd5tU7PpZ/1uYReKJ
Malware Config
Signatures
-
TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
-
TangleBot payload (1 IoCs)
resource: behavioral1/memory/4317-0.dex
yara_rule: family_tanglebot3 -
Tanglebot family
-
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.team.thumb/app_tuna/dZyI.json
pid: 4317
Process: com.team.thumb
Network
-
Remote address: 1.1.1.1:53  Request: android.apis.google.com IN A  Response:
-
Remote address: 1.1.1.1:53  Request: android.apis.google.com IN A  Response:
-
1.2kB 40 B 1 1
-
915 B 40 B 1 1
-
915 B 40 B 1 1
-
2.3kB 40 B 1 1
MITRE ATT&CK Mobile v15
Downloads