Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

3a78c03342...95.apk

android-9-x86

10

base.apk

android-9-x86

10

Analysis

  • max time kernel
    7s
  • max time network
    36s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    01/12/2024, 21:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a78c03342da8226dbda1a372402a83fcbc350426b14e4ecd4ff69149b14c595.apk

  • Size

    9.4MB

  • MD5

    0f0b187f5fcdfc74ecea183b306db7e5

  • SHA1

    96de75bfb888dac59e35f2949f40dec3f7d860c7

  • SHA256

    3a78c03342da8226dbda1a372402a83fcbc350426b14e4ecd4ff69149b14c595

  • SHA512

    68112e38b0d9adfc7e807e2714d45b5f7b2b69b5e09d429e8c04edd04a96dfe28388f3212dcf0746fdf936b31081a9610ebe4033d25a039957d349137cbb249a

  • SSDEEP

    196608:E1AVKU5GcOMQ4B2Yb9AzpSreL5jir3brH8YIl4eaY3XMxhCGUHNa:EBU5UMD25VLRirHLIl4MLg

Score
10/10
tanglebotevasioninfostealerspywaretrojan

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

    trojaninfostealerspywaretanglebot
  • TangleBot payload 1 IoCs
  • Tanglebot family
    tanglebot
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion

Processes

  • com.series.scrap
    1⤵
    • Loads dropped Dex/Jar
    PID:4273
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.series.scrap/app_token/pNxukPD.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.series.scrap/app_token/oat/x86/pNxukPD.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4298

Network

  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
  • 142.250.200.42:443
    tls, https
    202 B
     40 B
     1
    1
  • 216.58.204.78:443
    tls, https
    858 B
     40 B
     1
    1
  • 142.250.179.234:443
    tls, https
    1.2kB
     40 B
     1
    1
  • 224.0.0.251:5353
    2.9kB
     9
  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     69 B
     1
    1

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     69 B
     1
    1

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     80 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     69 B
     1
    1

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     69 B
     1
    1

    DNS Request

    android.apis.google.com

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.series.scrap/app_token/pNxukPD.json
    Filesize

    1.8MB

    MD5

    23bede63d706b2ba842927606c5ba709

    SHA1

    accfb95e59320d71c9f3bd0d37c707e82bc83da0

    SHA256

    4bfc9becf8c2bfc7f7265d20948ab7ba8377489bfe3e6fa125074f3bd0e4dd49

    SHA512

    17bd3143561b4bab16778f37379bfbc29ed11fb8630b88a48576d2b5554dccc3450e5fe2297c29936ca4aef3a26b392757d4620ff8bf27e812a50f0c62873a29

    Download Submit

  • /data/data/com.series.scrap/app_token/pNxukPD.json
    Filesize

    1.8MB

    MD5

    49be4b94c06c5f082d1d63eae65fb28d

    SHA1

    23813ae1dcc58febdf4a522b42433edd1ad52d8d

    SHA256

    e3068016a96950d80cee09e7ce816ddb0461fd2c9014643ec5939197c6b6d87f

    SHA512

    bd33f87c0db57da2b28e3affa8a75377a7dfa8802a0195967cf5b8043ed8b05f4a208a0c99e935126c20620902aee4575235ef728e462fc33be35c0f799ff59c

    Download Submit

  • /data/user/0/com.series.scrap/app_token/pNxukPD.json
    Filesize

    4.4MB

    MD5

    617e62675cda1f82a81b4d3090c9e778

    SHA1

    1ff90c87cbcd763e8390d0e0e66301eee665a631

    SHA256

    656597aee17d72708ac0e80510b333a2133c39d170ae3056d40b3bca208d055c

    SHA512

    d07e3a87e43d6947acb2cd8bfda2b619d31e9164825a3df0f0761046628679a5fec9fe0ca1ef59d7bc59fb73a4aa990b1f93446719aacfa54656cab5081504b4

    Download Submit

  • /data/user/0/com.series.scrap/app_token/pNxukPD.json
    Filesize

    4.4MB

    MD5

    f4c32f4113b8d66ca8b11ebc6b1e5d30

    SHA1

    ffb703ba0ac177dc0a05338d5178698097fb3535

    SHA256

    416946f6dbc836fc9fa9cc0e05ab346bfd10166882e0f719bdc8bbd7e3a090cb

    SHA512

    ee5f2ba4054523eda7b37c8b6727b003370de849a4b181f4614092e24171796e6ad73114510fddd66bf6ec8733b196b776e59264dd3d9a2b182a02e40e0e224a

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.