Analysis

  • max time kernel
    9s
  • max time network
    133s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    01-12-2024 22:25

General

  • Target

    7e792ff22711078c41f2623730a69ad6818b87764f712c7841984794604069a7.apk

  • Size

    9.2MB

  • MD5

    701224ab054633f0d7cc5a177b0ef411

  • SHA1

    a669694c71bae67cd6b4fb9e4c09445b2631176a

  • SHA256

    7e792ff22711078c41f2623730a69ad6818b87764f712c7841984794604069a7

  • SHA512

    d52c95f097e6cdbbe25b3206ebd36edb3cb5c8755c1f5926f601b107ccd6e2832ee1d7b6126f66f9f66b57802119dac2da324f9cfeae92c51148caf966ab4d4e

  • SSDEEP

    196608:UHCbuN232dRfTDWPH52kCgldaURD0JkBlgRLS046Wb3aF7hm8sLr4KHzeuf:YCyNA2kH5MgloURD0GBAe046WTaF7SL1

Malware Config

Signatures

  • TangleBot

    TangleBot is an Android SMS malware first seen in September 2021.

  • TangleBot payload 1 IoCs
  • Tanglebot family
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.book.present
    1⤵
    • Loads dropped Dex/Jar
    PID:4250
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.book.present/app_subject/ey.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.book.present/app_subject/oat/x86/ey.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4277

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.book.present/app_subject/ey.json

    Filesize

    1.8MB

    MD5

    2bb0481569721e1462f93d3b8b24259a

    SHA1

    5374aa5b409c89dc41f4f1a1e6f17cadafce818a

    SHA256

    372faccc66c3d64706600f91641f4dd75f49886bb387c2a37399f4d68196d738

    SHA512

    cd6235164831a433507c64f63c4e536f0892d0d6773a29c8225336cb727a60b97a00734942b1b6b3b44c3c6538066e6175a8853179e34a57d0e3372de3bc53ec

  • /data/data/com.book.present/app_subject/ey.json

    Filesize

    1.8MB

    MD5

    4afc235db7f581f134b778546c579409

    SHA1

    4d835b73441165bd6ab93b7b846698489457cefc

    SHA256

    4d19f78042e6642df1915d8197771cb80f8d6e30eb675b65c53af2fa68cf3880

    SHA512

    f98ac3d79fba1d025c9a622a370540b37fdbd0de35399882a1d4b3212494341189a3c9b900338f66a8b402725c062ffe23bd51b8fb1fa733af4ea160e067b552

  • /data/user/0/com.book.present/app_subject/ey.json

    Filesize

    4.4MB

    MD5

    991e7aea02bef1098ffa18ce7b608695

    SHA1

    f75961efaf6c09924342bd42d2b6b62d02544778

    SHA256

    b74c691ed2c436fef4cfc0f6c43d4db1d5d33452e2c71f6aba1588bed1186ffd

    SHA512

    ecd84c0043970102734c6806612d7f29bba6de454573223fb0b518a23f059581811f682dd7967b0e228727ee1de8e491f45acd31b14f749b6f7c76c78b7f1687

  • /data/user/0/com.book.present/app_subject/ey.json

    Filesize

    4.4MB

    MD5

    e74d826e0437470ffa0ba67318ab3aec

    SHA1

    3b4a101b79279b00427420c0b3c6b744e5320d57

    SHA256

    df12eaf75223c9830ca572608b91f0f17ad3533fab30ee39125a57406adc6b39

    SHA512

    9785fe65d9b97f00e8ccf0c671b38bfa3887297f419aa9e28e47f539769a357ff7274e9e855cd4cebbf218f77462b88dd5a891bb7bc3d5ac2933e987a18de04c