Overview

overview

10

Static

static

6

f163cdc85d...01.apk

android-9-x86

10

f163cdc85d...01.apk

android-10-x64

10

f163cdc85d...01.apk

android-11-x64

10

base.apk

android-9-x86

10

base.apk

android-10-x64

10

Analysis

  • max time kernel
    7s
  • max time network
    129s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    27-11-2024 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f163cdc85d8637d5d66cafd550670523ae79999fcda03fb45cfb357a1eae1d01.apk

  • Size

    9.2MB

  • MD5

    857f10858b18d1b7570d319c51fb4a2c

  • SHA1

    85e026819a801631047ba623619f839d42b168a6

  • SHA256

    f163cdc85d8637d5d66cafd550670523ae79999fcda03fb45cfb357a1eae1d01

  • SHA512

    f84206d13ed29e356e3cb4d6a403474ece9f888a8843ad09a36f3b906f67a52c5442ee1ece55a6eed3c9f0cae6a9380508856ec379c1e6f8297dbdad3d6f4617

  • SSDEEP

    196608:01tI4GciB6eVRMriO15415t0BY1roED9cX286g/6odenKia1o94Wc:01tI4TAZVRt15t0BY1rXDfg/6FxDZc

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.stage.rapid
    1⤵
    • Loads dropped Dex/Jar
    PID:4251
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.stage.rapid/app_rely/TpcgSq.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.stage.rapid/app_rely/oat/x86/TpcgSq.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4279

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.stage.rapid/app_rely/TpcgSq.json
    Filesize

    1.8MB

    MD5

    c07dce7337b96147260fa6d7020f4c9e

    SHA1

    872bb9ab30c76e631672105b6b0482c778eee984

    SHA256

    92705fd1c3acc6192c47679db757d1c416179248624e8170f69303a541b7879e

    SHA512

    9c8bf639d624b68462470d3a6ebe43e8ce680d2bd6fc8f26f22d8b51ccc66f7cc9ea5c78b8c5369428b7e1a82adee10cb6d8908a6af69c20aabb20e733cbb93e

    Download Submit

  • /data/data/com.stage.rapid/app_rely/TpcgSq.json
    Filesize

    1.8MB

    MD5

    8b35ad84d3875e9e92de0d3357ea8be1

    SHA1

    53650de47cc5d6fbf37135379a54918813063ea2

    SHA256

    653be7b37c3d0321d86e233055b284d5f4ae7d176fa6978987589184341a7469

    SHA512

    6ed1bf25531ae9e3430029150c9fe23fe781ed6fc1efbf9bff5bd69a95770929426bd3a6792e3e5909f2b74e8fa072bb12b8e60917e9eb5fa7b957c14a1dc883

    Download Submit

  • /data/user/0/com.stage.rapid/app_rely/TpcgSq.json
    Filesize

    4.4MB

    MD5

    62a5fc941c06d237ba72c09d003aa102

    SHA1

    3a305edd26d13abae88c0e4df0fbc5691a6d8edd

    SHA256

    97a34501a51a2de5bd2ef3908ea734bebec23cc34774765a82bd0b9574058778

    SHA512

    47fdced9e67506d1bf4cfedd573f26838758e78f05a80564f9e97b0251fbad65d4752e16f900af3e61eb82369e06facfe5cde6794b39614e9750b978d3b1d1be

    Download Submit

  • /data/user/0/com.stage.rapid/app_rely/TpcgSq.json
    Filesize

    4.4MB

    MD5

    73dd42aa6c5e636dd7f6008b877bd704

    SHA1

    4a8b299c6a9161b143b2d0c568b4ef8f85a1c253

    SHA256

    679e0942ca0c77b0e643a3b0d801850a22df138fbac0a54695181b409f004161

    SHA512

    592e52e267d8c4a0597cf2bbcee645f97376807831774b7c3e649d9ddaa56bc5120fefee4496817b994f165e624f5343bd08af6af308cda53eb923287cfa6bb2

    Download Submit